Avoid redirect to install.php on production environments

Created on 29 November 2019, over 5 years ago

Updated 1 September 2023, almost 2 years ago

Redirecting to /core/install.php is a great feature for people playing with Drupal as they can quickly understand what's going on.

But on the contrary, it's very bad in production with a (big) database problem ! (Even worse when it falls in the varnish cache hush!)

I was thinking of a configuration key in backoffice, section "Error pages", but since we have no database, it should be a variable in settings.php.

I would like to have the community opinion first ?

=============================
In Drupal\Core\EventSubscriber\ExceptionDetectNeedsInstallSubscriber :

/**
   * Handles errors for this subscriber.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
   *   The event to process.
   */
  public function onException(GetResponseForExceptionEvent $event) {
    $exception = $event->getException();
    if ($this->shouldRedirectToInstaller($exception, $this->connection)) {
      // Only redirect if this is an HTML response (i.e., a user trying to view
      // the site in a web browser before installing it).
      $request = $event->getRequest();
      $format = $request->query->get(MainContentViewSubscriber::WRAPPER_FORMAT, $request->getRequestFormat());
      if ($format == 'html') {
        $event->setResponse(new RedirectResponse($request->getBasePath() . '/core/install.php', 302, ['Cache-Control' => 'no-cache']));
      }
    }
  }

✨ Feature request

Status

Active

Version

11.0 🔥

Component

Install →

Last updated about 22 hours ago

No maintainer

Created by

🇫🇷France pguillard

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment almost 2 years ago →
🇺🇸United States moshe weitzman Boston, MA
I agree. This can happen during a database restore, for example. I made a contrib module that resolves this problem until this issue is discussed and developed.
Comment almost 2 years ago →
🇺🇸United States greggles Denver, Colorado, USA
+1
Comment 2 months ago →
🇫🇷France prudloff Lille
I agree this should be improved.
We handle this on our websites by restricting access to install.php in Apache config, but a solution that works for everyone would be nice.
Comment about 2 months ago →
🇬🇧United Kingdom catch
This makes sense to me and settings.php seems like the right (only) place. We could probably write to it at the same time as writing out to database settings so it's always there on new installs?
Comment 4 days ago →
🇬🇧United Kingdom catch
Just found 🐛 ExceptionDetectNeedsInstallSubscriber should not run on http exceptions Active too.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024