[5.x]: Order PDF download URL with expired token returns "Invalid Token" error

[anthonyjc]

What happened?

Description

After upgrading from Craft Commerce 4.x to 5.x, a request for an order PDF download with an expired token throws an "Invalid token" error.

In Craft Commerce 4.x, download URLs with expired tokens would show an "expired link" page with the option to send a new download link to the order email.

Steps to reproduce

1. Create an order email with a template that includes a PDF download link: {{ order.getPdfUrl() }}
2. Create an order PDF with a short expiry (eg. 60 seconds)
3. Update default order status to send test email
4. Complete a test order to trigger an order email
5. Within 60 seconds: via incognito (ie. not logged in): open the PDF URL link. Confirm PDF downloads OK
6. After 60 seconds: via incognito (ie. not logged in): open the PDF URL link. See "Invalid token" error

Expected behavior

Once token has expired, the user should be redirected to an "expired link" page with the option to send a new download link to the order email.

Actual behavior

HTTP 400 – Bad Request
Invalid token

Craft CMS version

5.10.4.1

Craft Commerce version

5.6.5

PHP version

8.3.21

Operating system and version

Linux 6.6.114.1-microsoft-standard-WSL2

Database type and version

MySQL 8.0.40

Image driver and version

N/A

Installed plugins and versions

• Postmark 3.1.0

[linear-code]

COM-572