[FEATURE] X-Redirect-By Header for pages with redirect types

To make debugging easier and to be in sync with redirects by EXT:redirects, page doktypes which trigger a redirect now also provide the header X-Redirect-By. Resolves: #92334 Releases: master Change-Id: Ia01e358b5cb50dcac4d57f8469f572cf7eaaaedd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65752 Tested-by: Josef Glatz <josefglatz@gmail.com> Tested-by: Oliver Bartsch <bo@cedev.de> Tested-by: TYPO3com <noreply@typo3.com> Tested-by: Richard Haeser <richard@richardhaeser.com> Reviewed-by: Josef Glatz <josefglatz@gmail.com> Reviewed-by: Oliver Bartsch <bo@cedev.de> Reviewed-by: Richard Haeser <richard@richardhaeser.com>
TYPO3 · Sep 23, 2020 · 091b642 · 091b642
1 parent 20658a4
commit 091b642
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 3 deletions.
diff --git a/typo3/sysext/core/Configuration/DefaultConfiguration.php b/typo3/sysext/core/Configuration/DefaultConfiguration.php
@@ -1364,6 +1364,7 @@
             'className' => \TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::class,
             'options' => [],
         ],
+        'exposeRedirectInformation' => false,
     ],
     'MAIL' => [ // Mail configurations to tune how \TYPO3\CMS\Core\Mail\ classes will send their mails.
         'transport' => 'sendmail',

diff --git a/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml b/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
@@ -534,6 +534,10 @@ FE:
                 options:
                     type: array
                     description: 'Special settings for specific hashes.'
+        exposeRedirectInformation:
+          type: bool
+          description: 'If set, redirects executed by TYPO3 publicly expose the page ID in the HTTP header. As this is an internal information about the TYPO3 system, it should only be enabled for debugging purposes.'
+
 MAIL:
     type: container
     description: 'Mail'

diff --git a/...Changelog/master/Feature-92334-X-Redirect-ByHeaderForPagesWithRedirectTypes.rst b/...Changelog/master/Feature-92334-X-Redirect-ByHeaderForPagesWithRedirectTypes.rst
@@ -0,0 +1,51 @@
+.. include:: ../../Includes.txt
+
+====================================================================
+Feature: #92334 - X-Redirect-By Header for pages with redirect types
+====================================================================
+
+See :issue:`92334`
+
+Description
+===========
+
+The following page types trigger a redirect:
+
+- Shortcut
+- Mountpoint pages which should be overlaid but accessed directly
+- Link to external URL
+
+Those redirects will now send an additional HTTP Header `X-Redirect-By`, stating what type of page triggered the redirect.
+By enabling the new global option :php:`$GLOBALS['TYPO3_CONF_VARS']['FE']['exposeRedirectInformation']` the header will also contain the page ID.
+As this exposes internal information about the TYPO3 system publicly, it should only be enabled for debugging purposes.
+
+For shortcut and mountpoint pages: ::
+
+   X-Redirect-By: TYPO3 Shortcut/Mountpoint
+   # exposeRedirectInformation is enabled
+   X-Redirect-By: TYPO3 Shortcut/Mountpoint at page with ID 123
+
+For *Links to External URL*: ::
+
+   X-Redirect-By: TYPO3 External URL
+   # exposeRedirectInformation is enabled
+   X-Redirect-By: TYPO3 External URL at page with ID 456
+
+Impact
+======
+
+The header `X-Redirect-By` makes it easier to understand why a redirect happens when checking URLs, e.g. by using `curl`: ::
+
+  curl -I 'https://my-typo3-site.com/examples/pages/link-to-external-url/'
+
+  HTTP/1.1 303 See Other
+  Date: Thu, 17 Sep 2020 17:45:34 GMT
+  X-Redirect-By: TYPO3 External URL at page with ID 12
+  X-TYPO3-Parsetime: 0ms
+  location: https://typo3.org
+  Cache-Control: max-age=0
+  Expires: Thu, 17 Sep 2020 17:45:34 GMT
+  X-UA-Compatible: IE=edge
+  Content-Type: text/html; charset=UTF-8
+
+.. index:: Frontend, ext:frontend
diff --git a/typo3/sysext/frontend/Classes/Middleware/ShortcutAndMountPointRedirect.php b/typo3/sysext/frontend/Classes/Middleware/ShortcutAndMountPointRedirect.php
@@ -23,6 +23,7 @@
 use Psr\Http\Server\RequestHandlerInterface;
 use TYPO3\CMS\Core\Domain\Repository\PageRepository;
 use TYPO3\CMS\Core\Http\RedirectResponse;
+use TYPO3\CMS\Core\Routing\PageArguments;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
 
@@ -46,10 +47,19 @@ public function __construct(TypoScriptFrontendController $controller)
 
     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
+        $exposeInformation = $GLOBALS['TYPO3_CONF_VARS']['FE']['exposeRedirectInformation'] ?? false;
+
         // Check for shortcut page and mount point redirect
         $redirectToUri = $this->getRedirectUri($request);
         if ($redirectToUri !== null && $redirectToUri !== (string)$request->getUri()) {
-            return new RedirectResponse($redirectToUri, 307);
+            /** @var PageArguments $pageArguments */
+            $pageArguments = $request->getAttribute('routing', null);
+            $message = 'TYPO3 Shortcut/Mountpoint' . ($exposeInformation ? ' at page with ID ' . $pageArguments->getPageId() : '');
+            return new RedirectResponse(
+                $redirectToUri,
+                307,
+                ['X-Redirect-By' => $message]
+            );
         }
 
         // See if the current page is of doktype "External URL", if so, do a redirect as well.
@@ -60,7 +70,12 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 $request->getAttribute('normalizedParams')->getSiteUrl()
             );
             if (!empty($externalUrl)) {
-                return new RedirectResponse($externalUrl, 303);
+                $message = 'TYPO3 External URL' . ($exposeInformation ? ' at page with ID ' . $this->controller->page['uid'] : '');
+                return new RedirectResponse(
+                    $externalUrl,
+                    303,
+                    ['X-Redirect-By' => $message]
+                );
             }
         }
 

diff --git a/typo3/sysext/frontend/Tests/Functional/SiteHandling/SlugSiteRequestTest.php b/typo3/sysext/frontend/Tests/Functional/SiteHandling/SlugSiteRequestTest.php
@@ -121,7 +121,10 @@ public function requestsAreRedirectedWithoutHavingDefaultSiteLanguage(string $ur
         );
 
         $expectedStatusCode = 307;
-        $expectedHeaders = ['location' => ['https://website.local/welcome']];
+        $expectedHeaders = [
+            'X-Redirect-By' => ['TYPO3 Shortcut/Mountpoint'],
+            'location' => ['https://website.local/welcome']
+        ];
 
         $response = $this->executeFrontendRequest(
             new InternalRequest($uri),