Fix external URI proxy bypass and client-side rendering

namedgraph · claude · namedgraph · commit 9b45c97c637e · 2026-04-12T11:58:21.000+02:00
- ProxyRequestFilter: use Core-only MediaTypes (no HTML) with combined
  Model+ResultSet writable variant list; selectVariant==null is the sole
  bypass signal so Accept:*/* correctly reaches the proxy instead of
  falling through to the HTML handler
- Thread pre-computed Variant through all getResponse() overloads to
  avoid a second selectVariant call inside Core's Response constructor
- client.xsl onsubmit: skip the XHTML round-trip for external URIs and
  call PushState + RDFDocumentLoad directly, advancing the progress bar
  to 66% between the two steps; fixes the double-click issue
- client.xsl ldh:rdf-document-response: respect the #layout-modes mode
  selector for client-side rendered external resources; refactor the
  duplicate id('content-body') lookup out of both xsl:choose branches
- ProxyRequestFilterTest: stub Request.selectVariant() to return a
  non-null Variant so both tests reach the logic they exercise

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/src/main/java/com/atomgraph/linkeddatahub/server/filter/request/ProxyRequestFilter.java b/src/main/java/com/atomgraph/linkeddatahub/server/filter/request/ProxyRequestFilter.java
@@ -93,7 +93,6 @@ public class ProxyRequestFilter implements ContainerRequestFilter
     private static final Logger log = LoggerFactory.getLogger(ProxyRequestFilter.class);
 
     @Inject com.atomgraph.linkeddatahub.Application system;
-    @Inject MediaTypes mediaTypes;
     @Inject jakarta.inject.Provider<Optional<Ontology>> ontology;
     @Context Request request;
 
@@ -105,17 +104,16 @@ public void filter(ContainerRequestContext requestContext) throws IOException
 
         URI targetURI = targetOpt.get();
 
-        // do not proxy (X)HTML requests - let the downstream handler serve the standard app shell page;
-        // Saxon-JS will fetch the target RDF client-side and complete the rendering.
-        // Use proper content negotiation (same as getResponse()) so that a browser Accept header like
-        // "text/html, application/xml;q=0.9, */*;q=0.8" correctly resolves to text/html.
+        // do not proxy requests that don't accept any RDF/SPARQL type — let the downstream handler serve the response.
+        // Core MediaTypes contains only RDF/SPARQL types so selectVariant returns null for HTML-only Accept headers.
+        List<MediaType> writableTypes = new ArrayList<>(getMediaTypes().getWritable(Model.class));
+        writableTypes.addAll(getMediaTypes().getWritable(ResultSet.class));
         List<Variant> variants = com.atomgraph.core.model.impl.Response.getVariants(
-            getMediaTypes().getWritable(Model.class),
+            writableTypes,
             getSystem().getSupportedLanguages(),
             new ArrayList<>());
         Variant selectedVariant = getRequest().selectVariant(variants);
-        if (selectedVariant != null && new HTMLMediaTypePredicate().test(selectedVariant.getMediaType()))
-            return;
+        if (selectedVariant == null) return; // client accepts no RDF/SPARQL type
 
         // strip #fragment (servers do not receive fragment identifiers)
         if (targetURI.getFragment() != null)
@@ -135,7 +133,7 @@ public void filter(ContainerRequestContext requestContext) throws IOException
         {
             if (log.isDebugEnabled()) log.debug("Serving mapped URI from DataManager cache: {}", targetURI);
             Model model = getSystem().getDataManager().loadModel(targetURI.toString());
-            requestContext.abortWith(getResponse(model, Response.Status.OK));
+            requestContext.abortWith(getResponse(model, Response.Status.OK, selectedVariant));
             return;
         }
 
@@ -153,7 +151,7 @@ public void filter(ContainerRequestContext requestContext) throws IOException
                 if (!description.isEmpty())
                 {
                     if (log.isDebugEnabled()) log.debug("Serving URI from namespace ontology: {}", targetURI);
-                    requestContext.abortWith(getResponse(description, Response.Status.OK));
+                    requestContext.abortWith(getResponse(description, Response.Status.OK, selectedVariant));
                     return;
                 }
             }
@@ -200,7 +198,7 @@ else if (agentContext instanceof IDTokenSecurityContext idTokenSecurityContext)
             {
                 // provide the target URI as a base URI hint so ModelProvider / HtmlJsonLDReader can resolve relative references
                 clientResponse.getHeaders().putSingle(com.atomgraph.core.io.ModelProvider.REQUEST_URI_HEADER, targetURI.toString());
-                requestContext.abortWith(getResponse(clientResponse));
+                requestContext.abortWith(getResponse(clientResponse, selectedVariant));
             }
         }
         catch (MessageBodyProviderNotFoundException ex)
@@ -255,83 +253,77 @@ protected Optional<URI> resolveTargetURI(ContainerRequestContext requestContext)
      * Converts a client response from the proxy target into a JAX-RS response.
      *
      * @param clientResponse response from the proxy target
+     * @param selectedVariant pre-computed variant from content negotiation
      * @return JAX-RS response to return to the original caller
      */
-    protected Response getResponse(Response clientResponse)
+    protected Response getResponse(Response clientResponse, Variant selectedVariant)
     {
         if (clientResponse.getMediaType() == null) return Response.status(clientResponse.getStatus()).build();
-        return getResponse(clientResponse, clientResponse.getStatusInfo());
+        return getResponse(clientResponse, clientResponse.getStatusInfo(), selectedVariant);
     }
 
     /**
      * Converts a client response from the proxy target into a JAX-RS response with the given status.
      *
      * @param clientResponse response from the proxy target
      * @param statusType status to use in the returned response
+     * @param selectedVariant pre-computed variant from content negotiation
      * @return JAX-RS response
      */
-    protected Response getResponse(Response clientResponse, Response.StatusType statusType)
+    protected Response getResponse(Response clientResponse, Response.StatusType statusType, Variant selectedVariant)
     {
         MediaType formatType = new MediaType(clientResponse.getMediaType().getType(), clientResponse.getMediaType().getSubtype()); // discard charset param
 
         Lang lang = RDFLanguages.contentTypeToLang(formatType.toString());
         if (lang != null && ResultSetReaderRegistry.isRegistered(lang))
         {
             ResultSetRewindable results = clientResponse.readEntity(ResultSetRewindable.class);
-            return getResponse(results, statusType);
+            return getResponse(results, statusType, selectedVariant);
         }
 
         Model model = clientResponse.readEntity(Model.class);
-        return getResponse(model, statusType);
+        return getResponse(model, statusType, selectedVariant);
     }
 
     /**
-     * Builds a content-negotiated response for the given RDF model.
+     * Builds a response for the given RDF model using a pre-computed variant.
      *
      * @param model RDF model
      * @param statusType response status
+     * @param selectedVariant pre-computed variant from content negotiation
      * @return JAX-RS response
      */
-    protected Response getResponse(Model model, Response.StatusType statusType)
+    protected Response getResponse(Model model, Response.StatusType statusType, Variant selectedVariant)
     {
-        List<Variant> variants = com.atomgraph.core.model.impl.Response.getVariants(
-            getMediaTypes().getWritable(Model.class),
-            getSystem().getSupportedLanguages(),
-            new ArrayList<>());
-
         return new com.atomgraph.core.model.impl.Response(getRequest(),
                 model,
                 null,
                 new EntityTag(Long.toHexString(ModelUtils.hashModel(model))),
-                variants,
+                selectedVariant,
                 new HTMLMediaTypePredicate()).
             getResponseBuilder().
             status(statusType).
             build();
     }
 
     /**
-     * Builds a content-negotiated response for the given SPARQL result set.
+     * Builds a response for the given SPARQL result set using a pre-computed variant.
      *
      * @param resultSet SPARQL result set
      * @param statusType response status
+     * @param selectedVariant pre-computed variant from content negotiation
      * @return JAX-RS response
      */
-    protected Response getResponse(ResultSetRewindable resultSet, Response.StatusType statusType)
+    protected Response getResponse(ResultSetRewindable resultSet, Response.StatusType statusType, Variant selectedVariant)
     {
         long hash = ResultSetUtils.hashResultSet(resultSet);
         resultSet.reset();
 
-        List<Variant> variants = com.atomgraph.core.model.impl.Response.getVariants(
-            getMediaTypes().getWritable(ResultSet.class),
-            getSystem().getSupportedLanguages(),
-            new ArrayList<>());
-
         return new com.atomgraph.core.model.impl.Response(getRequest(),
                 resultSet,
                 null,
                 new EntityTag(Long.toHexString(hash)),
-                variants,
+                selectedVariant,
                 new HTMLMediaTypePredicate()).
             getResponseBuilder().
             status(statusType).
@@ -360,12 +352,13 @@ public Optional<Ontology> getOntology()
 
     /**
      * Returns the media types registry.
+     * Core MediaTypes do not include (X)HTML types, which is what we want here.
      *
      * @return media types
      */
     public MediaTypes getMediaTypes()
     {
-        return mediaTypes;
+        return new MediaTypes();
     }
 
     /**
diff --git a/src/main/webapp/static/com/atomgraph/linkeddatahub/xsl/client.xsl b/src/main/webapp/static/com/atomgraph/linkeddatahub/xsl/client.xsl
@@ -559,41 +559,65 @@ WHERE
                 <!-- store ETag header value under window.LinkedDataHub.contents[$uri].etag -->
                 <ixsl:set-property name="etag" select="$etag" object="ixsl:get(ixsl:get(ixsl:window(), 'LinkedDataHub.contents'), '`' || $uri || '`')"/>
 
-                <xsl:choose>
-                    <xsl:when test="not(starts-with($uri, $ldt:base))">
-                        <!-- external ?uri= resource: replace home page content-body with resource description;
-                             Saxon-JS fetches the RDF data client-side (ldh:RDFDocumentLoad) and renders it here -->
-                        <xsl:for-each select="id('content-body', ixsl:page())">
+                <xsl:for-each select="id('content-body', ixsl:page())">
+                    <xsl:choose>
+                        <xsl:when test="not(starts-with($uri, $ldt:base))">
+                            <!-- external ?uri= resource: replace home page content-body with resource description;
+                                 Saxon-JS fetches the RDF data client-side (ldh:RDFDocumentLoad) and renders it here -->
                             <xsl:result-document href="?." method="ixsl:replace-content">
-                                <xsl:apply-templates select="$results/rdf:RDF" mode="bs2:Row">
-                                    <xsl:with-param name="create-resource" select="false()"/>
-                                    <xsl:with-param name="classes" select="()"/>
-                                </xsl:apply-templates>
+                                <xsl:choose>
+                                    <xsl:when test="ac:mode() = '&ldh;ContentMode'">
+                                        <xsl:apply-templates select="$results/rdf:RDF" mode="ldh:ContentList"/>
+                                    </xsl:when>
+                                    <xsl:when test="ac:mode() = '&ac;MapMode'">
+                                        <xsl:apply-templates select="$results/rdf:RDF" mode="bs2:Map">
+                                            <xsl:with-param name="id" select="generate-id() || '-map-canvas'"/>
+                                            <xsl:sort select="ac:label(.)"/>
+                                        </xsl:apply-templates>
+                                    </xsl:when>
+                                    <xsl:when test="ac:mode() = '&ac;ChartMode'">
+                                        <xsl:apply-templates select="$results/rdf:RDF" mode="bs2:Chart">
+                                            <xsl:with-param name="canvas-id" select="generate-id() || '-chart-canvas'"/>
+                                            <xsl:with-param name="show-save" select="false()"/>
+                                            <xsl:sort select="ac:label(.)"/>
+                                        </xsl:apply-templates>
+                                    </xsl:when>
+                                    <xsl:when test="ac:mode() = '&ac;GraphMode'">
+                                        <xsl:variable name="canvas-id" select="generate-id() || '-graph-canvas'" as="xs:string"/>
+                                        <div id="{$canvas-id}" class="graph-3d-canvas"/>
+                                    </xsl:when>
+                                    <xsl:otherwise>
+                                        <xsl:apply-templates select="$results/rdf:RDF" mode="bs2:Row">
+                                            <xsl:with-param name="create-resource" select="false()"/>
+                                            <xsl:with-param name="classes" select="()"/>
+                                        </xsl:apply-templates>
+                                    </xsl:otherwise>
+                                </xsl:choose>
                             </xsl:result-document>
-                        </xsl:for-each>
-                    </xsl:when>
-                    <xsl:otherwise>
-                        <!-- this has to go after <xsl:result-document href="#{$container-id}"> because otherwise new elements will be injected and the lookup will not work anymore -->
-                        <!-- load top-level content blocks -->
-                        <xsl:for-each select="id('content-body', ixsl:page())/div">
-                            <!-- container could be hidden server-side -->
-                            <ixsl:set-style name="display" select="'block'"/>
-
-                            <!-- one top-level <div> can contain multiple blocks that need to be rendered via factory -->
-                            <xsl:variable name="factories" as="(function(item()?) as item()*)*">
-                                <xsl:apply-templates select="." mode="ldh:RenderRow">
-                                    <xsl:with-param name="refresh-content" select="$refresh-content"/>
-                                </xsl:apply-templates>
-                            </xsl:variable>
-
-                            <xsl:for-each select="$factories">
-                                <xsl:variable name="factory" select="."/>
-                                <!-- fire the promise chain once, passing a dummy start value -->
-                                <ixsl:promise select="$factory(())" on-failure="ldh:promise-failure#1"/>
+                        </xsl:when>
+                        <xsl:otherwise>
+                            <!-- this has to go after <xsl:result-document href="#{$container-id}"> because otherwise new elements will be injected and the lookup will not work anymore -->
+                            <!-- load top-level content blocks -->
+                            <xsl:for-each select="div">
+                                <!-- container could be hidden server-side -->
+                                <ixsl:set-style name="display" select="'block'"/>
+
+                                <!-- one top-level <div> can contain multiple blocks that need to be rendered via factory -->
+                                <xsl:variable name="factories" as="(function(item()?) as item()*)*">
+                                    <xsl:apply-templates select="." mode="ldh:RenderRow">
+                                        <xsl:with-param name="refresh-content" select="$refresh-content"/>
+                                    </xsl:apply-templates>
+                                </xsl:variable>
+
+                                <xsl:for-each select="$factories">
+                                    <xsl:variable name="factory" select="."/>
+                                    <!-- fire the promise chain once, passing a dummy start value -->
+                                    <ixsl:promise select="$factory(())" on-failure="ldh:promise-failure#1"/>
+                                </xsl:for-each>
                             </xsl:for-each>
-                        </xsl:for-each>
-                    </xsl:otherwise>
-                </xsl:choose>
+                        </xsl:otherwise>
+                    </xsl:choose>
+                </xsl:for-each>
 
                 <!-- is a new instance of Service was created, reload the LinkedDataHub.apps data and re-render the service dropdown -->
                 <xsl:if test="//ldt:base or //sd:endpoint">
@@ -978,19 +1002,39 @@ WHERE
             <xsl:variable name="controller" select="ixsl:abort-controller()"/>
             <ixsl:set-property name="saxonController" select="$controller" object="ixsl:get(ixsl:window(), 'LinkedDataHub')"/>
 
-            <xsl:variable name="request" select="map{ 'method': 'GET', 'href': $href, 'headers': map{ 'Accept': 'application/xhtml+xml' } }" as="map(*)"/>
-            <xsl:variable name="context" select="
-              map{
-                'request': $request,
-                'href': $href,
-                'push-state': true()
-              }" as="map(*)"/>
-            <ixsl:promise select="
-              ixsl:http-request($context('request'), $controller)
-                => ixsl:then(ldh:rethread-response($context, ?))
-                => ixsl:then(ldh:handle-response#1)
-                => ixsl:then(ldh:xhtml-document-loaded#1)
-            " on-failure="ldh:promise-failure#1"/>
+            <xsl:choose>
+                <!-- external URI: LDH no longer proxies HTML requests (ProxyRequestFilter), so fetching XHTML
+                     would just return the same app shell already loaded. Skip that round-trip and load RDF directly. -->
+                <xsl:when test="not(starts-with($uri, $ldt:base))">
+                    <xsl:call-template name="ldh:PushState">
+                        <xsl:with-param name="href" select="$href"/>
+                        <xsl:with-param name="title" select="()"/>
+                        <xsl:with-param name="container" select="id($body-id, ixsl:page())"/>
+                    </xsl:call-template>
+                    <xsl:for-each select="id('content-body', ixsl:page())//div[contains-token(@class, 'bar')]">
+                        <ixsl:set-style name="width" select="'66%'"/>
+                    </xsl:for-each>
+                    <xsl:call-template name="ldh:RDFDocumentLoad">
+                        <xsl:with-param name="uri" select="$uri"/>
+                    </xsl:call-template>
+                </xsl:when>
+                <!-- internal URI: fetch updated page shell and replace content -->
+                <xsl:otherwise>
+                    <xsl:variable name="request" select="map{ 'method': 'GET', 'href': $href, 'headers': map{ 'Accept': 'application/xhtml+xml' } }" as="map(*)"/>
+                    <xsl:variable name="context" select="
+                      map{
+                        'request': $request,
+                        'href': $href,
+                        'push-state': true()
+                      }" as="map(*)"/>
+                    <ixsl:promise select="
+                      ixsl:http-request($context('request'), $controller)
+                        => ixsl:then(ldh:rethread-response($context, ?))
+                        => ixsl:then(ldh:handle-response#1)
+                        => ixsl:then(ldh:xhtml-document-loaded#1)
+                    " on-failure="ldh:promise-failure#1"/>
+                </xsl:otherwise>
+            </xsl:choose>
         </xsl:if>
     </xsl:template>
     
diff --git a/src/test/java/com/atomgraph/linkeddatahub/server/filter/request/ProxyRequestFilterTest.java b/src/test/java/com/atomgraph/linkeddatahub/server/filter/request/ProxyRequestFilterTest.java
@@ -32,6 +32,7 @@
 import jakarta.ws.rs.core.Request;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.UriInfo;
+import jakarta.ws.rs.core.Variant;
 import java.io.IOException;
 import java.net.URI;
 import java.util.List;
@@ -62,6 +63,7 @@ public class ProxyRequestFilterTest
     @Mock com.atomgraph.linkeddatahub.Application system;
     @Mock MediaTypes mediaTypes;
     @Mock Request request;
+    @Mock Variant selectedVariant;
     @Mock Ontology ontology;
 
     @InjectMocks ProxyRequestFilter filter;
@@ -88,6 +90,7 @@ public void setUp()
         when(system.getDataManager()).thenReturn(dataManager);
         when(dataManager.isMapped(anyString())).thenReturn(false);
         when(system.isEnableLinkedDataProxy()).thenReturn(false);
+        when(request.selectVariant(any())).thenReturn(selectedVariant);
         filter.ontology = () -> Optional.empty();
     }
 
