Bug #56598
Absolute URI for WebEntry
Status: | Resolved | Start date: | 2014-03-06 | |
---|---|---|---|---|
Priority: | Should have | Due date: | ||
Assigned To: | Bastian Waidelich | % Done: | 100% |
|
Category: | Security | |||
Target version: | - | |||
PHP Version: | Complexity: | |||
Has patch: | Yes | Affected Flow version: | Git master |
Description
Hi,
I tried to configure an absolute URL for my entry point of a security provider. But it can't handle the absolute uri.
provider: MyProvider
entryPoint: 'WebRedirect'
entryPointOptions:
uri: http://www.absolute-url.de/
I have created a patch.
Flow version: 2.1.1
Associated revisions
[BUGFIX] Fix support for absolute URIs in WebRedirect options
Fixes support for authentication provider redirects to external
domains.
Background:
If a ``WebRedirect`` is configured with a relative URI like::
entryPoint: 'WebRedirect'
entryPointOptions:
uri: 'some/path'
The ``Location`` header gets properly prefixed with the current
base URI.
But due to a typo this happened as well for absolute URIs.
Note: using the "uri" option for internal redirects is deprecated,
use the ``routeParts`` option instead for those.
Change-Id: I203459da70465d78d50d226d265c88224ac50963
Fixes: #56598
Releases: master, 2.2, 2.1
[BUGFIX] Fix support for absolute URIs in WebRedirect options
Fixes support for authentication provider redirects to external
domains.
Background:
If a ``WebRedirect`` is configured with a relative URI like::
entryPoint: 'WebRedirect'
entryPointOptions:
uri: 'some/path'
The ``Location`` header gets properly prefixed with the current
base URI.
But due to a typo this happened as well for absolute URIs.
Note: using the "uri" option for internal redirects is deprecated,
use the ``routeParts`` option instead for those.
Change-Id: I203459da70465d78d50d226d265c88224ac50963
Fixes: #56598
Releases: master, 2.2, 2.1
[BUGFIX] Fix support for absolute URIs in WebRedirect options
Fixes support for authentication provider redirects to external
domains.
Background:
If a ``WebRedirect`` is configured with a relative URI like::
entryPoint: 'WebRedirect'
entryPointOptions:
uri: 'some/path'
The ``Location`` header gets properly prefixed with the current
base URI.
But due to a typo this happened as well for absolute URIs.
Note: using the "uri" option for internal redirects is deprecated,
use the ``routeParts`` option instead for those.
Change-Id: I203459da70465d78d50d226d265c88224ac50963
Fixes: #56598
Releases: master, 2.2, 2.1
History
#1 Updated by Frederik Vosberg over 1 year ago
- File bugfix-abs-uri-entry-point.diff added
#2 Updated by Bastian Waidelich over 1 year ago
- Status changed from New to Needs Feedback
- Assigned To set to Bastian Waidelich
- Priority changed from Must have to Should have
FYI: The "uri" option of the WebRedirect entry point is deprecated. See http://docs.typo3.org/flow/TYPO3FlowDocumentation/TheDefinitiveGuide/PartIII/Security.html#authentication-entry-points
Can you please explain why you need an absolute URI here?
#3 Updated by Frederik Vosberg over 1 year ago
Because I want to redirect to an external URL. And the way through a controller would be too much. Is there another way?
#4 Updated by Bastian Waidelich over 1 year ago
- Category set to Security
- Status changed from Needs Feedback to Accepted
Frederik Vosberg wrote:
Because I want to redirect to an external URL. And the way through a controller would be too much. Is there another way?
Fair enough, but we should detect absolute URIs using parse_url() (like we do it in other places, for instance https://git.typo3.org/Packages/TYPO3.Fluid.git/blob/HEAD:/Classes/TYPO3/Fluid/ViewHelpers/Link/ExternalViewHelper.php#l65)
I'll take care of this
#5 Updated by Gerrit Code Review about 1 year ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.Flow has been pushed to the review server.
It is available at https://review.typo3.org/30117
#6 Updated by Bastian Waidelich about 1 year ago
I finally got around pushing this one. Sorry, I didn't know that this feature was already (incorrectly) implemented. I didn't look at your patch and thought this was a new "feature"..
#7 Updated by Gerrit Code Review about 1 year ago
Patch set 2 for branch master of project Packages/TYPO3.Flow has been pushed to the review server.
It is available at https://review.typo3.org/30117
#8 Updated by Bastian Waidelich about 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 002aea5b7b7c5de25f25e79359e686de5a64f8e2.
#9 Updated by Gerrit Code Review about 1 year ago
- Status changed from Resolved to Under Review
Patch set 1 for branch 2.2 of project Packages/TYPO3.Flow has been pushed to the review server.
It is available at https://review.typo3.org/30428
#10 Updated by Bastian Waidelich about 1 year ago
- Status changed from Under Review to Resolved
Applied in changeset 96c42102f1f83276d5dd1da7b50e928376041234.
#11 Updated by Gerrit Code Review about 1 year ago
- Status changed from Resolved to Under Review
Patch set 1 for branch 2.1 of project Packages/TYPO3.Flow has been pushed to the review server.
It is available at https://review.typo3.org/30837
#12 Updated by Bastian Waidelich about 1 year ago
- Status changed from Under Review to Resolved
Applied in changeset 2de9d6619aa25ec109792fab7a00e8de3f7c7dfb.