Unexpected permanent redirects when used in conjunction with Redirect module

Open on Drupal.org →

Created on 13 April 2023, over 2 years ago

Problem/Motivation

The beta3 release of the Cloudflare module changed the priority at which the request event is modified. In 1.0.0-beta2, the ClientIpRestore event subscriber had a priority of 20, which fires after the subscriber in the Redirect module. In 1.0.0-beta3, the CloudFlareMiddleware has a priority of 300, so it fires before the redirect module's event subscriber (as it should, right?).

I think that the problem lies in that the Cloudflare's call to Request::overrideGlobals modifies $_SERVER['QUERY_STRING'] such that the query string no longer matches what the user sent over, and introduces a mismatch between Request::server->get('QUERY_STRING') versus Request::getRequesturi. ?query-var !== ?query-var=.

Later on in the processing (priority=30), the Redirect module accesses $request->server->get('QUERY_STRING') to get the query string, which yields ?query-var=, but also calls $request->getRequestUri() which yields ?query-var.

This results in a mismatch that causes the redirect module to issue a 301 from https://example.com?query-var to https://example.com?query-var=.

on its own, it might be innocuous enough, but...

This change is proving to be somewhat troublesome when combined with the page_cache_query_ignore module.

The Cloudflare module hijacks / overrides the superglobal $_SERVER via a call to Request::overrideGlobals on line 175 of the middleware (this is what transforms the current query parameter from some-query-param to some-query-param=
The Redirect module picks up a route like https://example.com?some-query-param and redirects it to https://example.com?some-query-param=
The Page Cache module (which has been decorated by Page Cache Query Ignore) doesn't vary between some-query-param and some-query-param=, and therefore responds with a HTTP/301 from https://example.com?some-query-param= to https://example.com?some-query-param=, thus forming an infinite loop.

Proposed resolution

Prevent the Cloudflare module from altering $_SERVER['QUERY_STRING'].

Remaining tasks

Needs manual testing.

Install Redirect + Cloudflare
Visit https://example.com?query-parameter, observe that the user is 301 redirected to https://example.com?query-parameter=
Apply patch
Visit https://example.com?query-parameter, observe that the user is not 301 redirected

User interface changes

None

API changes

None

Data model changes

None

🐛 Bug report

Status

Needs review

Component

Code

Created by

🇺🇸United States luke.leber Pennsylvania

Live updates comments and jobs are added and updated live.

Needs manual testing
The change/bugfix cannot be fully demonstrated by automated testing, and thus requires manual testing in a variety of environments.

Sign in to follow issues

Comments & Activities

Issue created by @luke.leber
Comment over 2 years ago →
🇺🇸United States luke.leber Pennsylvania
Demoting to 'major' -- details will be coming in the I.S., but right now it looks like the lesser used page_cache_query_ignore plays a role here.
Comment over 2 years ago →
🇺🇸United States luke.leber Pennsylvania
Comment over 2 years ago →
🇺🇸United States luke.leber Pennsylvania
Comment over 2 years ago →
🇺🇸United States luke.leber Pennsylvania
Let's see what the test bot thinks of this.
Comment over 2 years ago →
🇺🇸United States luke.leber Pennsylvania
Make the comment more descriptive.
Comment over 2 years ago →
🇺🇸United States luke.leber Pennsylvania
Status changed to Needs review over 2 years ago3:28pm 13 April 2023
Comment over 2 years ago →
🇺🇸United States luke.leber Pennsylvania
Comment over 2 years ago →
🇺🇸United States luke.leber Pennsylvania
Comment over 2 years ago →
🇺🇸United States luke.leber Pennsylvania

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024