Contrib.social

file_url_transform_relative() only works with current request's host

Open on Drupal.org β†’
Created on 8 November 2016, over 8 years ago
Updated 15 July 2024, 11 months ago

Problem/Motivation

The idea behind file_url_transform_relative() is that it would strip off the beginning of a URL to ensure a relative URL is returned. However, this only works with the current request's host. This is a problem when saving certain configuration in dev/stage/prod workflow; a workflow that has different domains.

See: #2825593: Allow relative urls for favicons in config β†’

Proposed resolution

Change the way file_url_transform_relative() works so that it pulls from $settings['trusted_host_patterns'] or some other configurable equivalent; in addition to the current request's host.

Remaining tasks

  • Create a patch
  • Create tests

User interface changes

None

API changes

None

Data model changes

None

πŸ› Bug report
Status

Postponed: needs info

Version

11.0 πŸ”₯

Component
File systemΒ  β†’

Last updated 1 day ago

Created by

πŸ‡ΊπŸ‡ΈUnited States markhalliwell

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 11 months ago β†’
    πŸ‡¦πŸ‡ΊAustralia kim.pepper πŸ„β€β™‚οΈπŸ‡¦πŸ‡ΊSydney, Australia

    file_url_transform_relative() was deprecated in 9.3.0 and was converted to \Drupal\Core\File\FileUrlGeneratorInterface::transformRelative(). At the very least this needs an IS update. Can we check if this is still an issue in the new code?

  • Comment 11 months ago β†’
    πŸ‡¦πŸ‡ΊAustralia kim.pepper πŸ„β€β™‚οΈπŸ‡¦πŸ‡ΊSydney, Australia
  • Comment 11 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States mradcliffe USA

    I was following the issue. The code has changed a little bit, but not substantially that would solve the root cause in the public method.

    I went through some of the use cases and issues.

    - #2257291: Handle alternate domains in filter_html_image_secure β†’ - still applies
    - #2825593: Allow relative urls for favicons in config β†’ - as an example of a contrib theme/module storing a URL into config, but I don't think this applies as I don't think that theme should have been storing a module/theme provided file in config.
    - ImageUrlFormatter / ImageStyleInterface::buildUrl - does not apply as that uses stream wrappers.
    - ::transformRelative is a public method so it would be possible for custom and contrib code to pass in an absolute URL similar to what is in core filter module.

    So if we added a mismatch of URL and host to UrlTransformRelativeTest::providerFileUrlTransformRelative, then we would
    probably get failures.

    For a functional test, I'm not sure if we could modify FilterHtmlImageSecureTest::testImageSource since we probably would want to mock the the request host so maybe a separate functional test in that file?

    There is now a workaround however - override the file_url_generator service, but I don't think we want to recommend that.

    I'm leaving the issue tags and status as-is.

  • Comment 1 day ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    wonder if this should be closed or re-opened?

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024