Difference between revisions of "Redirects to external URLs are not allowed by default"
(Created page with "<hide> page type::article thing type::error message returned by::Drupal category:error messages </hide> * '''Full message''': Redirects to external URLs are no...") |
|||
(One intermediate revision by the same user not shown) | |||
Line 8: | Line 8: | ||
* '''Found in''': Drupal 8.1.3 | * '''Found in''': Drupal 8.1.3 | ||
* '''Discussion''': [https://plus.google.com/u/0/102282887764745350285/posts/LRH13xU3UaD Google+] | * '''Discussion''': [https://plus.google.com/u/0/102282887764745350285/posts/LRH13xU3UaD Google+] | ||
+ | |||
+ | A patch which solves this problem (probably needs further work/discussion before turning it into a patch) is in two parts: | ||
+ | ==Part One== | ||
+ | '''File''': {drupal}/core/lib/Drupal/Core/DrupalKernel.php, function initializeRequestGlobals(): | ||
+ | <php> | ||
+ | protected function initializeRequestGlobals(Request $request) { | ||
+ | global $base_url; | ||
+ | // Set and derived from $base_url by this function. | ||
+ | global /*$base_path,*/ $base_root; | ||
+ | global $base_secure_url, $base_insecure_url; | ||
+ | // 2016-07-04 Woozle patch for when the URL doesn't match the filename | ||
+ | global $base_path_override; | ||
+ | |||
+ | /* Woozle notes (attempt to document/regularize meaning of globals): | ||
+ | INPUT: | ||
+ | $base_path_override ([W new] optional): correct /path/ from domain to Drupal | ||
+ | * Set this if Drupal detects it wrong. (That happens here.) | ||
+ | INTERNAL ([W mod: was global]) | ||
+ | $base_path /path/ from domain to Drupal | ||
+ | * with trailing slash | ||
+ | * see NOTE - may be calculated internally or set externally | ||
+ | OUTPUT: | ||
+ | $base_root: protocol://domain | ||
+ | * no trailing slash | ||
+ | * only http and https supported for protocol | ||
+ | $base_url: [$base_root]/path | ||
+ | * no trailing slash | ||
+ | * if Drupal installed in root folder, this should be same as $base_root | ||
+ | $base_secure_url https://domain/path | ||
+ | * calculated from $base_url | ||
+ | * no trailing slash | ||
+ | $base_insecure_url http://domain/path | ||
+ | * calculated from $base_url | ||
+ | * no trailing slash | ||
+ | NOTE: | ||
+ | * If $base_path_override is set, then: | ||
+ | * $base_path = $base_path_override | ||
+ | * $base_url = $base_root + $base_path - [trailing slash] | ||
+ | * If $base_path_override is NOT set, then: | ||
+ | * The same basic logic applies, but it's more complicated. | ||
+ | */ | ||
+ | |||
+ | // Create base URL. | ||
+ | $base_root = $request->getSchemeAndHttpHost(); | ||
+ | |||
+ | if (isset($base_path_override)) { | ||
+ | $base_path = $base_path_override; | ||
+ | $base_path_slashless = rtrim($base_path,'/'); | ||
+ | $base_url = $base_root.$base_path_slashless; | ||
+ | } else { | ||
+ | // [Wzl - existing code] try to guess the base URL from the script's filename | ||
+ | $base_url = $base_root; | ||
+ | // For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is | ||
+ | // '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'. | ||
+ | if ($dir = rtrim(dirname($request->server->get('SCRIPT_NAME')), '\/')) { | ||
+ | // Remove "core" directory if present, allowing install.php, | ||
+ | // authorize.php, and others to auto-detect a base path. | ||
+ | $core_position = strrpos($dir, '/core'); | ||
+ | if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) { | ||
+ | $base_path = substr($dir, 0, $core_position); | ||
+ | } | ||
+ | else { | ||
+ | $base_path = $dir; | ||
+ | } | ||
+ | $base_url .= $base_path; | ||
+ | $base_path .= '/'; | ||
+ | } | ||
+ | else { | ||
+ | $base_path = '/'; | ||
+ | } | ||
+ | $domain_url = $base_url; | ||
+ | } | ||
+ | $base_secure_url = str_replace('http://', 'https://', $base_url); | ||
+ | $base_insecure_url = str_replace('https://', 'http://', $base_url); | ||
+ | } | ||
+ | </php> | ||
+ | ==Part Two== | ||
+ | '''File''': {drupal}/sites/default/settings.php -- add the following: | ||
+ | <php> | ||
+ | global $base_path_override; | ||
+ | $base_path_override = '/'; | ||
+ | </php> | ||
+ | |||
+ | (This assumes you have .htaccess configured to put Drupal in http://domain.name/ (root) rather than in some other subfolder. Adjust as necessary.) | ||
+ | |||
+ | This doesn't fix ''all'' the problems caused by the usage ambiguity, but it does make forms work again. I have [https://www.drupal.org/node/2761443 posted an issue] on the Drupal forum to try and get this issue properly fixed. |
Latest revision as of 23:14, 6 July 2016
- Full message: Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\TrustedRedirectResponse for it.
- Found in: Drupal 8.1.3
- Discussion: Google+
A patch which solves this problem (probably needs further work/discussion before turning it into a patch) is in two parts:
Part One
File: {drupal}/core/lib/Drupal/Core/DrupalKernel.php, function initializeRequestGlobals(): <php>
protected function initializeRequestGlobals(Request $request) { global $base_url; // Set and derived from $base_url by this function. global /*$base_path,*/ $base_root; global $base_secure_url, $base_insecure_url; // 2016-07-04 Woozle patch for when the URL doesn't match the filename global $base_path_override;
/* Woozle notes (attempt to document/regularize meaning of globals): INPUT:
$base_path_override ([W new] optional): correct /path/ from domain to Drupal * Set this if Drupal detects it wrong. (That happens here.)
INTERNAL ([W mod: was global])
$base_path /path/ from domain to Drupal * with trailing slash * see NOTE - may be calculated internally or set externally
OUTPUT:
$base_root: protocol://domain * no trailing slash * only http and https supported for protocol $base_url: [$base_root]/path * no trailing slash * if Drupal installed in root folder, this should be same as $base_root $base_secure_url https://domain/path * calculated from $base_url * no trailing slash $base_insecure_url http://domain/path * calculated from $base_url * no trailing slash
NOTE:
* If $base_path_override is set, then: * $base_path = $base_path_override * $base_url = $base_root + $base_path - [trailing slash] * If $base_path_override is NOT set, then: * The same basic logic applies, but it's more complicated.
*/
// Create base URL. $base_root = $request->getSchemeAndHttpHost();
if (isset($base_path_override)) {
$base_path = $base_path_override; $base_path_slashless = rtrim($base_path,'/'); $base_url = $base_root.$base_path_slashless;
} else {
// [Wzl - existing code] try to guess the base URL from the script's filename $base_url = $base_root; // For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is // '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'. if ($dir = rtrim(dirname($request->server->get('SCRIPT_NAME')), '\/')) { // Remove "core" directory if present, allowing install.php, // authorize.php, and others to auto-detect a base path. $core_position = strrpos($dir, '/core'); if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) { $base_path = substr($dir, 0, $core_position); } else { $base_path = $dir; } $base_url .= $base_path; $base_path .= '/'; } else { $base_path = '/'; } $domain_url = $base_url;
} $base_secure_url = str_replace('http://', 'https://', $base_url); $base_insecure_url = str_replace('https://', 'http://', $base_url); }
</php>
Part Two
File: {drupal}/sites/default/settings.php -- add the following: <php> global $base_path_override; $base_path_override = '/'; </php>
(This assumes you have .htaccess configured to put Drupal in http://domain.name/ (root) rather than in some other subfolder. Adjust as necessary.)
This doesn't fix all the problems caused by the usage ambiguity, but it does make forms work again. I have posted an issue on the Drupal forum to try and get this issue properly fixed.