Fatal error when redirecting on multi-domain multilingual site

Created on 19 January 2024, about 1 year ago

Updated 9 February 2024, 12 months ago

Problem/Motivation

When a redirect is triggered for this module on a site with different domains for different languages a fatal error occurs. This may be related to upgrading the site to D10, though it seems as though the problem should have existed in D9 as well.

Steps to reproduce

Ensure you have a Drupal site set up with multilingual modules configured and this module installed and appropriately configured
Ensure your site has language detection based on domain configured so, e.g., https://frenchexample.com is the French site and https://englishexample.com is the English site
Ensure you have a node with an English translation but no French translation
Attempt to visit the (nonexistent) French version of your node
You will see a WSOD

The relevant error message is something like the following depending on your node path:

InvalidArgumentException: It is not safe to redirect to https://example.com/your-node in Drupal\Component\HttpFoundation\SecuredRedirectResponse->setTargetUrl() (line 58 of /var/www/html/docroot/core/lib/Drupal/Component/HttpFoundation/SecuredRedirectResponse.php).

Proposed resolution

Instead of producing a LocalRedirectResponse (which enforces the same base domain) produce a TrustedRedirectResponse.

Possibly some additional checks could be added to ensure a similar effect to LocalRedirectResponse but accounting for multilingual domains, but I'm not sure that's actually necessary for this module since as far as I know redirects are always generated from existing entities in Drupal.

Remaining tasks

Supply a patch.

🐛 Bug report

Status

Fixed

Version

2.0

Component

Code

Created by

🇨🇦Canada dylan donkersgoed London, Ontario

Live updates comments and jobs are added and updated live.

Merge Requests

!5Fatal error when redirecting on multi-domain multilingual site
Merged
🇨🇦Canada dylan donkersgoed
updated about 1 year ago

Comments & Activities

Issue created by @dylan donkersgoed
Merge request !5Switched to using TrustedRedirectResponse instead of LocalRedirectResponse to... → (Merged) created by dylan donkersgoed
Status changed to Needs review about 1 year ago8:53pm 19 January 2024
Comment about 1 year ago →
🇨🇦Canada dylan donkersgoed London, Ontario
Patch attached.
Status changed to Fixed about 1 year ago11:24am 26 January 2024
Comment about 1 year ago →
🇷🇺Russia walkingdexter
Merged, thanks!
Comment 12 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024