Skip to content

[WebProfilerBundle] Fix interception for non conventional redirects #59033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 10, 2025
Merged

[WebProfilerBundle] Fix interception for non conventional redirects #59033

merged 1 commit into from
Feb 10, 2025

Conversation

Huluti
Copy link
Contributor

@Huluti Huluti commented Nov 29, 2024
edited by nicolas-grekas
Loading

Q A
Branch? 6.4
Bug fix? no
New feature? no
Deprecations? no
Issues
License MIT

@carsonbot carsonbot added this to the 7.2 milestone Nov 29, 2024
@carsonbot
Copy link

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 7.3 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

@Huluti Huluti changed the title Fix interception non conventional redirects Fix interception for non conventional redirects Nov 29, 2024
stof
stof reviewed Nov 29, 2024
View reviewed changes
Copy link
Member

@stof stof left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-1 for this PR for now

src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php Outdated
@@ -99,13 +99,19 @@ public function onKernelResponse(ResponseEvent $event): void
return;
}

// do not capture redirects done in a non-conventional way (http-equiv="refresh" tag,...).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are you actually returning a response using the HTTP status code of the redirection without the header providing the redirection location ?

http-equiv="refresh" is not a redirection (and so to me, it looks like it should be a 200 status code)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are you actually returning a response using the HTTP status code of the redirection without the header providing the redirection location ?`
yes that's it!

// Metatag template redirection
if (!is_null($cachedLink->metatag)) {
    // As we need to have custom meta tags, we need an intermediary template
    // Redirection will be done either by browser or in JS
    $response = $this->render('app/redirects/metatag.html.twig', [
        'metatag' => $cachedLink->metatag,
        'redirectUrl' => $data['redirectUrl'],
    ]);

    $response->setStatusCode(Response::HTTP_FOUND);

    foreach ($data['headers'] as $key => $value) {
        $response->headers->set($key, $value);
    }

    return $response;
}

and the template has the http-equiv="refresh" tag.
for me it's because I develop an URL shortener, and this method allow to customize social media tags before the redirect.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So maybe you have an idea on how to handle this on the Symfony side ? or maybe I'm wrong by doing this but it works well.
In all cases there is an exception in such case.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm still wondering why you use a redirection status code in your response when you don't properly return a redirection (you return an HTML page that will trigger another navigation, which is not a HTTP redirection)

@Huluti
Copy link
Contributor Author

Huluti commented Nov 29, 2024

Yes there's something wrong! Let me fix this PR :)

@Huluti Huluti force-pushed the fix-interception-non-conventional-redirects branch 2 times, most recently from d5a5363 to 7954c8d Compare November 29, 2024 11:05
@stof
Copy link
Member

stof commented Nov 29, 2024

Looking at the HTTP specification, the Location header is not required for redirection status codes (the spec says that servers SHOULD generate such header), which would then not be followed automatically by clients.
I would say that the condition for intercepting redirects (replacing them with this special page) should be updated to include a condition that the response has a Location header.

@nicolas-grekas
Copy link
Member

What about patching WebDebugToolbarListener.php instead? and not render this template if there is no Location?

@nicolas-grekas
Copy link
Member

Friendly ping @Huluti
Up to implement my proposal?

@carsonbot carsonbot changed the title Fix interception for non conventional redirects [WebProfilerBundle] Fix interception for non conventional redirects Feb 10, 2025
@nicolas-grekas nicolas-grekas modified the milestones: 7.2, 6.4 Feb 10, 2025
@nicolas-grekas nicolas-grekas changed the base branch from 7.2 to 6.4 February 10, 2025 14:48
@nicolas-grekas nicolas-grekas force-pushed the fix-interception-non-conventional-redirects branch from 7954c8d to 416aa0e Compare February 10, 2025 14:48
@nicolas-grekas
Copy link
Member

Thank you @Huluti.

@nicolas-grekas nicolas-grekas merged commit 068105e into symfony:6.4 Feb 10, 2025
4 of 11 checks passed
This was referenced Feb 26, 2025
Merged
Merged
renovate bot added a commit to Runroom/archetype-symfony that referenced this pull request Feb 28, 2025
@renovate
Update symfony packages to v7.2.4 (patch) (#4441)
9c12819 
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [symfony/framework-bundle](https://symfony.com)
([source](https://redirect.github.com/symfony/framework-bundle)) |
`7.2.3` -> `7.2.4` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fframework-bundle/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fframework-bundle/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fframework-bundle/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fframework-bundle/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/messenger](https://symfony.com)
([source](https://redirect.github.com/symfony/messenger)) | `7.2.3` ->
`7.2.4` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fmessenger/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fmessenger/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fmessenger/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fmessenger/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/stopwatch](https://symfony.com)
([source](https://redirect.github.com/symfony/stopwatch)) | `7.2.2` ->
`7.2.4` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fstopwatch/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fstopwatch/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fstopwatch/7.2.2/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fstopwatch/7.2.2/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/web-profiler-bundle](https://symfony.com)
([source](https://redirect.github.com/symfony/web-profiler-bundle)) |
`7.2.3` -> `7.2.4` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fweb-profiler-bundle/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fweb-profiler-bundle/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fweb-profiler-bundle/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fweb-profiler-bundle/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>symfony/framework-bundle (symfony/framework-bundle)</summary>

###
[`v7.2.4`](https://redirect.github.com/symfony/framework-bundle/releases/tag/v7.2.4)

[Compare
Source](https://redirect.github.com/symfony/framework-bundle/compare/v7.2.3...v7.2.4)

**Changelog**
(symfony/framework-bundle@v7.2.3...v7.2.4)

- bug
[symfony/symfony#59198](https://redirect.github.com/symfony/symfony/issues/59198)
\[Messenger] Filter out non-consumable receivers when registering
`ConsumeMessagesCommand` (@&#8203;wazum)
- bug
[symfony/symfony#59781](https://redirect.github.com/symfony/symfony/issues/59781)
\[Mailer] fix multiple transports default injection
([@&#8203;fkropfhamer](https://redirect.github.com/fkropfhamer))
- bug
[symfony/symfony#59829](https://redirect.github.com/symfony/symfony/issues/59829)
\[FrameworkBundle] Disable the keys normalization of the CSRF form field
attributes ([@&#8203;sukei](https://redirect.github.com/sukei))
- bug
[symfony/symfony#59728](https://redirect.github.com/symfony/symfony/issues/59728)
\[Form]\[FrameworkBundle] Use auto-configuration to make the default
CSRF token id apply only to the app; not to bundles
([@&#8203;nicolas-grekas](https://redirect.github.com/nicolas-grekas))

</details>

<details>
<summary>symfony/messenger (symfony/messenger)</summary>

###
[`v7.2.4`](https://redirect.github.com/symfony/messenger/releases/tag/v7.2.4)

[Compare
Source](https://redirect.github.com/symfony/messenger/compare/v7.2.3...v7.2.4)

**Changelog**
(symfony/messenger@v7.2.3...v7.2.4)

- bug
[symfony/symfony#59198](https://redirect.github.com/symfony/symfony/issues/59198)
\[Messenger] Filter out non-consumable receivers when registering
`ConsumeMessagesCommand` (@&#8203;wazum)

</details>

<details>
<summary>symfony/stopwatch (symfony/stopwatch)</summary>

###
[`v7.2.4`](https://redirect.github.com/symfony/stopwatch/releases/tag/v7.2.4)

[Compare
Source](https://redirect.github.com/symfony/stopwatch/compare/v7.2.2...v7.2.4)

**Changelog**
(symfony/stopwatch@v7.2.3...v7.2.4)

-   no significant changes

</details>

<details>
<summary>symfony/web-profiler-bundle
(symfony/web-profiler-bundle)</summary>

###
[`v7.2.4`](https://redirect.github.com/symfony/web-profiler-bundle/releases/tag/v7.2.4)

[Compare
Source](https://redirect.github.com/symfony/web-profiler-bundle/compare/v7.2.3...v7.2.4)

**Changelog**
(symfony/web-profiler-bundle@v7.2.3...v7.2.4)

- bug
[symfony/symfony#59776](https://redirect.github.com/symfony/symfony/issues/59776)
\[WebProfilerBundle] fix rendering notifier message options
([@&#8203;xabbuh](https://redirect.github.com/xabbuh))
- bug
[symfony/symfony#59033](https://redirect.github.com/symfony/symfony/issues/59033)
\[WebProfilerBundle] Fix interception for non conventional redirects
([@&#8203;Huluti](https://redirect.github.com/Huluti))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/Runroom/archetype-symfony).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNzYuMiIsInVwZGF0ZWRJblZlciI6IjM5LjE3Ni4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stof stof stof left review comments

@lyrixx lyrixx Awaiting requested review from lyrixx

@yceruto yceruto Awaiting requested review from yceruto

@chalasr chalasr Awaiting requested review from chalasr

@dunglas dunglas Awaiting requested review from dunglas

@OskarStark OskarStark Awaiting requested review from OskarStark

@jderusse jderusse Awaiting requested review from jderusse

@xabbuh xabbuh Awaiting requested review from xabbuh

Assignees
No one assigned
Labels
Bug Status: Needs Review WebProfilerBundle
Projects
None yet
Milestone
6.4
Development

Successfully merging this pull request may close these issues.
4 participants
@Huluti @carsonbot @stof @nicolas-grekas