We correctly look for the referer in the Controller\Authentication::login(), however the $_SERVER['REFERER_URL'] value is not always present and can't be relied on. In particular it appears not to be set when the browser receives a 302 response.
Solutions
Session variable
We could store the referrer automatically in the session when $this->redirect() is called on a controller. This should be stored either as a flash session or have an event listener which deletes it to ensure it only lives for one request.
GET parameter
We could pass the referrer as a GET parameter, either automatically appended when calling $this->redirectToRoute() or as an additional flag on the method.
e.g.
// Automatically got using $this->getRequest()->getUri()
$this->redirectToRoute('ms.user.login', [], 302, true);
// Or manually
$this->redirectToRoute('ms.user.login', [], 302, 'some-url');
It might be preferable to make true the default, and be required to pass false due to the inconvenience of the [], 302 parameters. Depends on which situation is likely to be more used.
getReferer()
We should also probably have a helper method on the controller/request to get the referrer in a priority order, e.g. $this->getReferer() which would check the headers first then the session/get parameter.
@messagedigital/back-end-developers Thoughts?
Hmm, I'm leaning towards the session solution but I don't like the idea of having to check for it throughout the code.
How about:
Add event listener on KernelEvents::RESPONSE to check if the response is RedirectResponse (or the status code starts 30) and set session variable for the current URI as the referer
Add event listener on KernelEvents::REQUEST to check for the aforementioned session variable, and set it as the referer header on the Request object (unless a referer is already set). Delete the session after this (regardless of if it's set or not)
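A sketch of the getReferer() priority order discussed in this thread, as an added example that is not the project's code: it checks the Referer header, then a one-request session value, then a GET parameter, and accepts a candidate only if it is a local path or points at the application's own host, because the header and the GET parameter are client-supplied. The function names, the `_referer` session key, the `referer` parameter name and the `shop.example` host are assumptions; it reads PHP's standard `HTTP_REFERER` server key and needs PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not the project's code: resolve the post-login return
// URL in the priority order proposed above (header, then session, then GET).
const SESSION_KEY = '_referer';   // assumed session key name
const QUERY_KEY   = 'referer';    // assumed GET parameter name

/** Accept only a local path or an absolute http(s) URL on our own host. */
function isSafeReturnUrl(string $url, string $appHost): bool
{
    // Control characters, spaces and backslashes are normalised inconsistently by browsers.
    if ($url === '' || preg_match('/[\x00-\x20\\\\]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }
    if (!isset($parts['host'])) {
        // No host: must be a single-slash path, never "javascript:" or "//host".
        return !isset($parts['scheme']) && $url[0] === '/' && !str_starts_with($url, '//');
    }
    return in_array($parts['scheme'] ?? '', ['http', 'https'], true)
        && strcasecmp($parts['host'], $appHost) === 0;
}

function resolveReferer(array $server, array &$session, array $query, string $appHost): string
{
    // Read the session value once and delete it so it lives for one request only.
    $fromSession = $session[SESSION_KEY] ?? null;
    unset($session[SESSION_KEY]);

    $candidates = [$server['HTTP_REFERER'] ?? null, $fromSession, $query[QUERY_KEY] ?? null];
    foreach ($candidates as $candidate) {
        if (is_string($candidate) && isSafeReturnUrl($candidate, $appHost)) {
            return $candidate;
        }
    }
    return '/'; // nothing trustworthy: fall back to the home page
}

// Constructed sample input: no Referer header after a 302, first with an
// off-site GET value, then with a local path stored in the session.
$session = [];
echo resolveReferer([], $session, ['referer' => 'https://evil.example/login'], 'shop.example'), "\n";
$session = ['_referer' => '/basket/checkout'];
echo resolveReferer([], $session, [], 'shop.example'), "\n";
```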