Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[@Secure feature] redirect response should use _format from parent request #5080

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
recipe opened this issue Jul 27, 2012 · 3 comments
Closed

[@Secure feature] redirect response should use _format from parent request #5080

recipe opened this issue Jul 27, 2012 · 3 comments
Labels
Security

Comments

@recipe
Copy link

recipe commented Jul 27, 2012

Suggestion.
Redirect response to login route should use _format parameter from parent request when this parameter is part of the login route.

http://pastebin.com/80UXXnpr

I could use this workaround, or create special listener class, but I'm sure it should be done by symfony itself.

// workaround for every route which uses non default format
if (!$this->get('security.context')->isGranted('ROLE_USER')) {
             $pars = $this->getRequest()->attributes->get('_route_params');
             return new RedirectResponse($this->generateUrl('login', array('_format' => $pars['_format'])));
         }
@vicb
Copy link
Contributor

vicb commented Jul 27, 2012

which version of Symfony do you use ?

@recipe
Copy link
Author

recipe commented Jul 27, 2012

dev-master latest 2.1-BETA4

@recipe
Copy link
Author

recipe commented Jul 27, 2012 

"require":{
    "php":">=5.3.3",
    "symfony/symfony":"2.1.*",
    "doctrine/orm":"2.2.*",
    "doctrine/doctrine-bundle":"dev-master",
    "twig/extensions":"dev-master",
    "symfony/assetic-bundle":"dev-master",
    "symfony/swiftmailer-bundle":"dev-master",
    "symfony/monolog-bundle":"dev-master",
    "sensio/distribution-bundle":"dev-master",
    "sensio/framework-extra-bundle":"dev-master",
    "sensio/generator-bundle":"dev-master",
    "jms/security-extra-bundle":"1.1.*",
    "jms/di-extra-bundle":"1.0.*",
    "jms/i18n-routing-bundle":"dev-master",
    "gedmo/doctrine-extensions":"dev-master",
    "stof/doctrine-extensions-bundle":"dev-master",
    "recipe/expose-translation-bundle":"dev-master",
    "imagine/Imagine":"dev-master",
    "avalanche123/imagine-bundle":"dev-master",
    "gregwar/captcha-bundle":"dev-master"
},

@jfsimon jfsimon mentioned this issue Mar 11, 2013
Closed
fabpot added a commit that referenced this issue Mar 13, 2013
@fabpot
merged branch jfsimon/security-redirect-attributes (PR #7325)
e4896da 
This PR was squashed before being merged into the 2.1 branch (closes #7325).

Commits
-------

6575df6 [Security] use current request attributes to generate redirect url?

Discussion
----------

[Security] use current request attributes to generate redirect url?

Maybe we should consider to use current request attributes to generate the login/logout redirections URL?

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #5080

---------------------------------------------------------------------------

by Seldaek at 2013-03-11T08:33:37Z

Can you explain why?

---------------------------------------------------------------------------

by jfsimon at 2013-03-11T09:30:07Z

@Seldaek let say I prefixed all my URLs with a `{domain}` var (`_locale` for instance), I'd like it to be passed to my redirected request. I guess it could lead to side effects, that's why I tagged this PR `RFC`.

---------------------------------------------------------------------------

by Seldaek at 2013-03-11T09:46:33Z

Fair enough. The main issue I see is that you end up with "garbage" query params in the URL. Any params that was needed by the previous page and not needed by the new one ends up as ?foo=bar in the URL. It's usually not harmful, but not very clean either. I'm not sure what it would take to grab all the params that a route can use, and only copy those over.

---------------------------------------------------------------------------

by jfsimon at 2013-03-11T10:12:49Z

@Seldaek indeed, I didn't think about those query parameters... I'll try to fix this in a simple way this afternoon.

---------------------------------------------------------------------------

by jfsimon at 2013-03-11T14:54:31Z

@Seldaek tell me if what you think of this, it may look like a hack (which wont be acceptable).

---------------------------------------------------------------------------

by Seldaek at 2013-03-11T14:59:39Z

Eh I see. I can't say it's the less hacky thing I ever saw, but it might be alright. I don't think I'm the best person to take this call though.. Let's see what @fabpot thinks.
@fabpot fabpot closed this as completed Mar 13, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fabpot @vicb @recipe