-
Notifications
You must be signed in to change notification settings - Fork 10.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Download handler: support falling back on the redirect method (as an option, not a default) #30294
Conversation
📝 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding some minor comments related to messaging.
@barryhughes I have followed the testing instructions and it works fine. I have also tested as follows:
Maybe you want to add this to the testing instructions. |
📝 Quick note on E2E test fails—they don't seem to relate to this change. At time of writing both fails are from
However, by creating a draft PR that is 1:1 with current trunk (will clean it up later) I can see exactly the same fails. |
The product download handler supports 3 different methods of serving files:
Previously (before 5.5.0) the system included a fallback mechanism as follows:
X-Accel/X-Sendfile
is the preferred method but cannot be used, it falls back on Force Download.Force Download
cannot be used and if the digital product file is remote, then a final fallback is made to the Redirect methodRedirect
is the last method, there is no further fallback.In f88586e we removed that final fallback, so as to avoid inadvertently exposing the digital asset's public path to the world (in other words, the idea was that redirects should be explicitly enabled or not happen at all), however there were some problems with this:
Force Download
but others that were not. The previous system of fallbacks was therefore essential to supporting this arrangement.In this change:
This hopefully gives the best of both worlds. Improved security (we don't allow redirects if the merchant hasn't specifically allowed for them) with the flexibility of the earlier, pre-5.5.0 approach (by allowing redirects as a final fallback, but only if explicitly enabled).
Closes #30288.
Screenshots
☝️ New option, allowing fallbacks on redirects but making it something that needs to be explicitly enabled.
☝️ Revised message text for the deprecation warning that renders when "Redirect Only" is selected.
How to test the changes in this Pull Request:
Setup
allow_url_fopen
is disabled.Testing
Other aspects
Other information
Changelog entry