Skip to content

perf: scope observers to frontend/adminhtml areas only#98

Open
rhoerr wants to merge 1 commit intovpietri:mainfrom
rhoerr:qdb/pr5-event-scoping
Open

perf: scope observers to frontend/adminhtml areas only#98
rhoerr wants to merge 1 commit intovpietri:mainfrom
rhoerr:qdb/pr5-event-scoping

Conversation

@rhoerr
Copy link
Copy Markdown

@rhoerr rhoerr commented Apr 5, 2026

Summary

  • Move all 4 observers from global etc/events.xml to area-specific etc/frontend/events.xml and etc/adminhtml/events.xml
  • Observers no longer fire on REST API, GraphQL, CLI, or cron requests

Security Findings Addressed

ID Finding Severity
M6 Global observers fire on API/CLI/cron unnecessarily Medium

Test plan

  • Verify toolbar still appears on frontend pages
  • Verify toolbar still appears in admin panel
  • Verify API requests (REST/GraphQL) no longer trigger QDB observers
  • Verify CLI commands no longer trigger QDB observers

🤖 Generated with Claude Code

Move all 4 observers from global etc/events.xml to area-specific
etc/frontend/events.xml and etc/adminhtml/events.xml. Observers
no longer fire on REST API, GraphQL, CLI, or cron requests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@rhoerr rhoerr marked this pull request as ready for review April 6, 2026 01:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant