file_url_transform_relative() only works with current request's host

Created on 8 November 2016, almost 8 years ago
Updated 15 July 2024, about 2 months ago

Problem/Motivation

The idea behind FileUrlGenerator::transformRelative() is that it would strip off the beginning of a URL to ensure a relative URL is returned. However, this only works with the current request's host. This is a problem when saving certain configuration in a dev/stage/prod workflow, where the environments have different domains.

Steps to reproduce

- #2257291: Handle alternate domains in filter_html_image_secure

TBD

Proposed resolution

Change the way FileUrlGenerator::transformRelative() works so that it pulls from $settings['trusted_host_patterns'], or some other configurable equivalent, in addition to the current request's host.

Remaining tasks

  • Create tests
  • Create a patch

User interface changes

None

API changes

None

Data model changes

None

πŸ› Bug report
Status

Postponed: needs info

Version

11.0

Component
File system

Last updated 1 day ago

Created by

United States markhalliwell

  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Australia kim.pepper Sydney, Australia

    file_url_transform_relative() was deprecated in 9.3.0 and was converted to \Drupal\Core\File\FileUrlGeneratorInterface::transformRelative(). At the very least this needs an IS update. Can we check if this is still an issue in the new code?

  • United States mradcliffe USA

    I was following the issue. The code has changed a little bit, but not substantially enough to solve the root cause in the public method.

    I went through some of the use cases and issues.

    - #2257291: Handle alternate domains in filter_html_image_secure - still applies
    - #2825593: Allow relative urls for favicons in config - as an example of a contrib theme/module storing a URL into config, but I don't think this applies as I don't think that theme should have been storing a module/theme provided file in config.
    - ImageUrlFormatter / ImageStyleInterface::buildUrl - does not apply as that uses stream wrappers.
    - ::transformRelative is a public method so it would be possible for custom and contrib code to pass in an absolute URL similar to what is in core filter module.

    So if we added a mismatch of URL and host to UrlTransformRelativeTest::providerFileUrlTransformRelative, then we would probably get failures.

    For a functional test, I'm not sure if we could modify FilterHtmlImageSecureTest::testImageSource since we probably would want to mock the request host so maybe a separate functional test in that file?

    There is now a workaround however - override the file_url_generator service, but I don't think we want to recommend that.

    I'm leaving the issue tags and status as-is.
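
The proposed resolution from the issue summary (also accept hosts matching $settings['trusted_host_patterns']), sketched as an added example; it is not Drupal core code or a patch from this issue. The function name transform_relative_trusted(), its parameters and the sample hosts are hypothetical.

```php
<?php
// Added illustration, NOT Drupal core code. Names and hosts are hypothetical.

/**
 * Strips scheme and host from $url when the host is the current request's
 * host or matches a trusted host pattern; otherwise returns $url unchanged,
 * so a foreign URL is never silently treated as a local file.
 */
function transform_relative_trusted(string $url, string $currentHost, array $trustedPatterns): string {
  $parts = parse_url($url);
  // Leave anything that is not an absolute http(s) URL untouched.
  if ($parts === FALSE || !isset($parts['scheme'], $parts['host'])
    || !in_array(strtolower($parts['scheme']), ['http', 'https'], TRUE)) {
    return $url;
  }
  // Userinfo (user:pass@host) is not expected in a local file URL.
  if (isset($parts['user']) || isset($parts['pass'])) {
    return $url;
  }
  $host = strtolower($parts['host']);
  $local = ($host === strtolower($currentHost));
  foreach ($trustedPatterns as $pattern) {
    if ($local) {
      break;
    }
    // Regex bodies as written in settings.php. They must be anchored with
    // ^ and $, otherwise a look-alike host containing the name would match.
    $local = (preg_match('{' . $pattern . '}i', $host) === 1);
  }
  if (!$local) {
    return $url;
  }
  // The port, if any, is dropped together with the scheme and host.
  $relative = $parts['path'] ?? '/';
  $relative .= isset($parts['query']) ? '?' . $parts['query'] : '';
  $relative .= isset($parts['fragment']) ? '#' . $parts['fragment'] : '';
  return $relative;
}

// Constructed sample data: a dev/stage/prod setup with three domains.
$trusted = ['^www\.example\.com$', '^stage\.example\.com$', '^dev\.example\.test$'];
$samples = [
  'https://dev.example.test/sites/default/files/a.png',     // current host
  'https://www.example.com/sites/default/files/a.png?x=1',  // other environment
  'https://www.example.com.other.test/files/a.png',         // look-alike host
  '/sites/default/files/a.png',                             // already relative
];
foreach ($samples as $u) {
  echo $u, ' => ', transform_relative_trusted($u, 'dev.example.test', $trusted), PHP_EOL;
}
```

The first two sample URLs come back root-relative; the look-alike host and the already-relative path are returned unchanged.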
