`?check_logged_in=1` is added to external URL in TrustedRedirectResponse

Created on 4 March 2024, 6 months ago

Problem/Motivation

Issue #3253889: "`?check_logged_in=1` causes `TrustedRedirectResponse` to fail" adds "?check_logged_in" to TrustedRedirectResponse. The param is supposed to be added to the local redirect URLs only (including URLs in trusted host patterns). It should not be appended to external URL redirects. Many websites are strict about the accepted query params and "?check_logged_in" could cause an error response.

Steps to reproduce

* Use cookie authentication (e.g. Persistent Login module or Remember me checkbox on login form).
* Have a route that redirects users to an external website.
* Remove the session cookie and visit the said route.

Expected result:
* Users are redirected to the external website.
* The external URL does not have the "?check_logged_in" query param.

Actual result:
* Users are redirected to the external website.
* The external URL has the "?check_logged_in" query param at the end.

Proposed resolution

Cookie::addCheckToUrl() should check for an external URL before appending the "check_logged_in" query param to the RedirectResponse.

Remaining tasks

User interface changes

N/A

API changes

N/A

Data model changes

N/A

Release notes snippet

πŸ› Bug report
Status

Needs work

Version

11.0 🔥

Component
User module

Last updated 1 day ago

Created by

🇦🇺 Australia sonnykt Melbourne, Australia
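
The check described under "Proposed resolution", sketched as stand-alone PHP. This is an added example, not code from the issue or from Drupal core: the function names `is_local_redirect()` and `add_check_to_url()`, the hosts and the sample URLs are hypothetical, and the trusted host patterns are assumed to be regular expressions in the style of the `trusted_host_patterns` setting.

```php
<?php
// Added example, not Drupal core code. Function names are hypothetical.

/**
 * TRUE when $url stays on this site: a relative path, the site's own host,
 * or a host matching one of the trusted host patterns (regex bodies).
 */
function is_local_redirect(string $url, string $siteHost, array $trustedHostPatterns): bool {
  $parts = parse_url($url);
  if ($parts === false) {
    return false; // Unparseable target: treat as external and leave it alone.
  }
  if (!isset($parts['host'])) {
    // No host: local only if there is no scheme either (rules out mailto: etc.).
    return !isset($parts['scheme']);
  }
  $host = strtolower($parts['host']);
  if ($host === strtolower($siteHost)) {
    return true;
  }
  foreach ($trustedHostPatterns as $pattern) {
    if (preg_match('{' . $pattern . '}i', $host) === 1) {
      return true;
    }
  }
  return false;
}

/** Appends check_logged_in=1 to local targets only; external URLs are returned unchanged. */
function add_check_to_url(string $url, string $siteHost, array $trustedHostPatterns): string {
  if (!is_local_redirect($url, $siteHost, $trustedHostPatterns)) {
    return $url;
  }
  // Keep the fragment last so the parameter lands in the query string.
  [$base, $fragment] = array_pad(explode('#', $url, 2), 2, null);
  $base .= (str_contains($base, '?') ? '&' : '?') . 'check_logged_in=1';
  return $fragment === null ? $base : $base . '#' . $fragment;
}

// Constructed sample data: site host, one trusted pattern, redirect targets.
$patterns = ['^.+\.example\.com$'];
$targets = [
  '/user/1?tab=edit#top',                      // relative: local
  'https://shop.example.com/cart',             // matches trusted pattern: local
  'https://partner.example.org/sso?token=abc', // external
  '//partner.example.org/landing',             // protocol-relative: external
];
foreach ($targets as $target) {
  echo add_check_to_url($target, 'www.example.com', $patterns), PHP_EOL;
}
```

The protocol-relative case matters: a target starting with `//` carries a host and must be classified as external, even though it begins with a slash.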
