Avoid redirect to install.php on production environments

Created on 29 November 2019, over 5 years ago
Updated 1 September 2023, over 1 year ago

Redirecting to /core/install.php is a great feature for people playing with Drupal as they can quickly understand what's going on.

But on the contrary, it's very bad in production with a (big) database problem ! (Even worse when it falls in the varnish cache hush!) 

I was thinking of a configuration key in backoffice, section "Error pages", but since we have no database, it should be a variable in settings.php.

I would like to have the community opinion first ?

=============================
In Drupal\Core\EventSubscriber\ExceptionDetectNeedsInstallSubscriber :

/**
   * Handles errors for this subscriber.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
   *   The event to process.
   */
  public function onException(GetResponseForExceptionEvent $event) {
    $exception = $event->getException();
    if ($this->shouldRedirectToInstaller($exception, $this->connection)) {
      // Only redirect if this is an HTML response (i.e., a user trying to view
      // the site in a web browser before installing it).
      $request = $event->getRequest();
      $format = $request->query->get(MainContentViewSubscriber::WRAPPER_FORMAT, $request->getRequestFormat());
      if ($format == 'html') {
        $event->setResponse(new RedirectResponse($request->getBasePath() . '/core/install.php', 302, ['Cache-Control' => 'no-cache']));
      }
    }
  }
✨ Feature request
Status

Active

Version

11.0 πŸ”₯

Component
InstallΒ  β†’

Last updated 9 days ago

No maintainer
Created by

πŸ‡«πŸ‡·France pguillard

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡ΊπŸ‡ΈUnited States moshe weitzman Boston, MA

    I agree. This can happen during a database restore, for example. I made a contrib module that resolves this problem until this issue is discussed and developed.

  • πŸ‡ΊπŸ‡ΈUnited States greggles Denver, Colorado, USA

    +1

  • πŸ‡«πŸ‡·France prudloff Lille

    I agree this should be improved.
    We handle this on our websites by restricting access to install.php in Apache config, but a solution that works for everyone would be nice.

  • πŸ‡¬πŸ‡§United Kingdom catch

    This makes sense to me and settings.php seems like the right (only) place. We could probably write to it at the same time as writing out to database settings so it's always there on new installs?

Production build 0.71.5 2024