8000 [WebDebugToolbar] Redirection interception should only be triggered when request format is HTML · Issue #31168 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[WebDebugToolbar] Redirection interception should only be triggered when request format is HTML #31168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bpolaszek opened this issue Apr 18, 2019 · 0 comments
Closed

[WebDebugToolbar] Redirection interception should only be triggered when request format is HTML #31168

bpolaszek opened this issue Apr 18, 2019 · 0 comments
Labels
WebProfilerBundle

Comments

@bpolaszek
Copy link
Contributor

Description
Currently, when setting intercept_redirects to true, the WDT will display a "Redirection intercepted!" page when it encounters a 201, 301, 302, 303, 307 or 308 along with a Location header.

The problem is that it doesn't filter the request format at this time, and as a consequence, WDT can even trigger an interception in an API context.

In a more concrete example, if you have the api-platform package installed and POST a new resource with Accept: application/json+ld, the application will return a 201 response with the freshly created resource Uri in the Location header.
But for the WebDebugToolbarListener, this is considered as a redirection and it should be intercepted.

Possible Solution
I suggest either adding 'html' === $request->getRequestFormat() as an additionnal condition for the interception to be triggered, or rely on $response->isRedirection() (>= 300, < 400) instead of $response->isRedirect() (201, 301, 302, 303, 307, 308):

symfony/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php

Line 90 in a59fe66

if ($response->headers->has('X-Debug-Token') && $response->isRedirect() && $this->interceptRedirects) {

Thank you,
Ben
@javiereguiluz javiereguiluz mentioned this issue Apr 23, 2019
Merged
@fabpot fabpot closed this as completed Apr 24, 2019
fabpot added a commit that referenced this issue Apr 24, 2019
@fabpot
bug #31213 [WebProfilerBundle] Intercept 5AB6 redirections only for HTML f…
d98f783 
…ormat (javiereguiluz)

This PR was merged into the 3.4 branch.

Discussion
----------

[WebProfilerBundle] Intercept redirections only for HTML format

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks?    | no     <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass?   | yes    <!-- please add some, will be required by reviewers -->
| Fixed tickets | #31168
| License       | MIT
| Doc PR        | -

This applies the solution proposed by @bpolaszek in #31168.

Commits
-------

4186788 Intercept redirections only for HTML format
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
WebProfilerBundle
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fabpot @xabbuh @bpolaszek
0