Redirects to external URLs are not allowed by default

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Jump to: navigation, search
  • Full message: Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\TrustedRedirectResponse for it.
  • Found in: Drupal 8.1.3
  • Discussion: Google+

A patch which solves this problem (probably needs further work/discussion before turning it into a patch) is in two parts:

Part One

File: {drupal}/core/lib/Drupal/Core/DrupalKernel.php, function initializeRequestGlobals():

 
  protected function initializeRequestGlobals(Request $request) {
    global $base_url;
    // Set and derived from $base_url by this function.
    global /*$base_path,*/ $base_root;
    global $base_secure_url, $base_insecure_url;
    // 2016-07-04 Woozle patch for when the URL doesn't match the filename
    global $base_path_override;
 
    /* Woozle notes (attempt to document/regularize meaning of globals):
      INPUT:
	$base_path_override ([W new] optional): correct /path/ from domain to Drupal
	  * Set this if Drupal detects it wrong. (That happens here.)
      INTERNAL ([W mod: was global])
	$base_path		/path/ from domain to Drupal
	  * with trailing slash
	  * see NOTE - may be calculated internally or set externally
      OUTPUT:
	$base_root:		protocol://domain
	  * no trailing slash
	  * only http and https supported for protocol
	$base_url:		[$base_root]/path
	  * no trailing slash
	  * if Drupal installed in root folder, this should be same as $base_root
	$base_secure_url	https://domain/path
	  * calculated from $base_url
	  * no trailing slash
	$base_insecure_url	http://domain/path
	  * calculated from $base_url
	  * no trailing slash
      NOTE:
	* If $base_path_override is set, then:
	  * $base_path = $base_path_override
	  * $base_url = $base_root + $base_path - [trailing slash]
	* If $base_path_override is NOT set, then:
	  * The same basic logic applies, but it's more complicated.
    */
 
    // Create base URL.
    $base_root = $request->getSchemeAndHttpHost();
 
    if (isset($base_path_override)) {
	$base_path  = $base_path_override;
	$base_path_slashless = rtrim($base_path,'/');
	$base_url = $base_root.$base_path_slashless;
    } else {
	// [Wzl - existing code] try to guess the base URL from the script's filename
	$base_url = $base_root;
	// For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is
	// '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'.
	if ($dir = rtrim(dirname($request->server->get('SCRIPT_NAME')), '\/')) {
	  // Remove "core" directory if present, allowing install.php,
	  // authorize.php, and others to auto-detect a base path.
	  $core_position = strrpos($dir, '/core');
	  if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) {
	    $base_path = substr($dir, 0, $core_position);
	  }
	  else {
	    $base_path = $dir;
	  }
	  $base_url .= $base_path;
	  $base_path .= '/';
	}
	else {
	  $base_path = '/';
	}
	$domain_url = $base_url;
    }
    $base_secure_url = str_replace('http://', 'https://', $base_url);
    $base_insecure_url = str_replace('https://', 'http://', $base_url);
  }
 

Part Two

File: {drupal}/sites/default/settings.php -- add the following:

 
global $base_path_override;
$base_path_override = '/';
 

(This assumes you have .htaccess configured to put Drupal in http://domain.name/ (root) rather than in some other subfolder. Adjust as necessary.)

This doesn't fix all the problems caused by the usage ambiguity, but it does make forms work again. I have posted an issue on the Drupal forum to try and get this issue properly fixed.