Skip to content

[WebProfilerBundle] Fix intercept external redirects #52584

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 9, 2023
Merged

[WebProfilerBundle] Fix intercept external redirects #52584

merged 1 commit into from
Dec 9, 2023

Conversation

HeahDude
Copy link
Contributor

Q A
Branch? 6.3
Bug fix? yes
New feature? no
Deprecations? no
Issues ~
License MIT

When intercepting a redirect to an external host the current output gives:

This request redirects to http://current-host.orghttp://target-host.org/

With this PR, it fixes it too:

This request redirects to http://target-host.org/

We could eventually get rid of the first part of the condition, WDYT?

@carsonbot carsonbot added this to the 6.3 milestone Nov 14, 2023
@smnandre
Copy link
Member

Maybe we could do this computation in the Controller directly ?

Currently the code look like this (just formatted for clarity)

WebProfilerBundle/EventListener/WebDebugToolbarListener.php

$content = $this->twig->render('@WebProfiler/Profiler/toolbar_redirect.html.twig', [
    'location' => $response->headers->get('Location'),
    'host' => $request->getSchemeAndHttpHost()
]);
$response->setContent($content);
$response->setStatusCode(200);
$response->headers->remove('Location');

Something like this could do the job WDYT ?

$content = $this->twig->render('@WebProfiler/Profiler/toolbar_redirect.html.twig', [
    'location' => $location = $response->headers->get('Location'),
    'absolute_location' => (new UrlHelper($requestStack))->getAbsoluteUrl($location),
]);
$response->setContent($content);
$response->setStatusCode(200);
$response->headers->remove('Location');

And that'd allow to keep in one place all those 'Location' manipulation / transformations.

Because, even with the best intentions, i'm not sure the template code would be ever "obvious" (e g : host in the template is in fact "scheme + host" but not app.request.host )

WDYT ?

@nicolas-grekas
Copy link
Member

I agree with @smnandre's proposal, the template can't contain this logic.

@HeahDude HeahDude force-pushed the fix/intercept-external-redirects branch 3 times, most recently from 16a73a6 to ce01d74 Compare December 9, 2023 16:42
@fabpot fabpot force-pushed the fix/intercept-external-redirects branch from ce01d74 to 4ffadec Compare December 9, 2023 17:13
@fabpot
Copy link
Member

fabpot commented Dec 9, 2023

Thank you @HeahDude.

@fabpot fabpot merged commit c481dba into symfony:6.3 Dec 9, 2023
@HeahDude HeahDude deleted the fix/intercept-external-redirects branch December 9, 2023 17:16
This was referenced Dec 30, 2023
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smnandre smnandre smnandre left review comments

@fabpot fabpot fabpot approved these changes

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@chalasr chalasr chalasr approved these changes

Assignees
No one assigned
Labels
Bug Status: Reviewed WebProfilerBundle
Projects
None yet
Milestone
6.3
Development

Successfully merging this pull request may close these issues.
6 participants
@HeahDude @smnandre @nicolas-grekas @fabpot @chalasr @carsonbot