Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WebProfilerBundle] Fix intercept external redirects #52584

Open
wants to merge 1 commit into
base: 6.3
Choose a base branch
from
Open

[WebProfilerBundle] Fix intercept external redirects #52584

wants to merge 1 commit into from

Conversation

HeahDude
Copy link
Contributor

Q A
Branch? 6.3
Bug fix? yes
New feature? no
Deprecations? no
Issues ~
License MIT

When intercepting a redirect to an external host the current output gives:

This request redirects to http://current-host.orghttp://target-host.org/

With this PR, it fixes it too:

This request redirects to http://target-host.org/

We could eventually get rid of the first part of the condition, WDYT?

@carsonbot carsonbot added this to the 6.3 milestone Nov 14, 2023
nicolas-grekas
nicolas-grekas reviewed Nov 17, 2023
View reviewed changes
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar_redirect.html.twig
@@ -39,7 +39,7 @@
<div class="block-exception">
<h1>Redirection Intercepted</h1>

{% set absolute_url = host in location ? location : host ~ location %}
{% set absolute_url = host in location or not (location starts with '/') ? location : host ~ location %}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

//protocol-relative URLs are a thing :) Also, . is a hint of a relative URL.

@smnandre
Copy link
Contributor

Maybe we could do this computation in the Controller directly ?

Currently the code look like this (just formatted for clarity)

WebProfilerBundle/EventListener/WebDebugToolbarListener.php

$content = $this->twig->render('@WebProfiler/Profiler/toolbar_redirect.html.twig', [
    'location' => $response->headers->get('Location'),
    'host' => $request->getSchemeAndHttpHost()
]);
$response->setContent($content);
$response->setStatusCode(200);
$response->headers->remove('Location');

Something like this could do the job WDYT ?

$content = $this->twig->render('@WebProfiler/Profiler/toolbar_redirect.html.twig', [
    'location' => $location = $response->headers->get('Location'),
    'absolute_location' => (new UrlHelper($requestStack))->getAbsoluteUrl($location),
]);
$response->setContent($content);
$response->setStatusCode(200);
$response->headers->remove('Location');

And that'd allow to keep in one place all those 'Location' manipulation / transformations.

Because, even with the best intentions, i'm not sure the template code would be ever "obvious" (e g : host in the template is in fact "scheme + host" but not app.request.host )

WDYT ?

@nicolas-grekas
Copy link
Member

I agree with @smnandre's proposal, the template can't contain this logic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas left review comments

Assignees
No one assigned
Labels
Bug Status: Needs Review WebProfilerBundle
Projects
None yet
Milestone
6.3
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@HeahDude @smnandre @nicolas-grekas @carsonbot