Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Hi,
I have a clean install of a Drupal 8.6.1 website and I try to config the filebrowser module.
Everything works fine except the file download. ( The archive's download works fine )
When I click on a file link, I have a blank page with this message :
"Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\TrustedRedirectResponse for it."
Can you help me ?
Comments
Comment #2
clivesj commentedThere is issue in Core about this.
I am not sure this is the case in your situation.
The error means that Filebrowser is redirecting to an external location.
But that is not happening anywhere as far I can recollect
The error seems to appear when Drupal is installed in a subdirectory or locally (localhost) or if multilingual is installed.
Is any of these applicable to you?
Comment #3
c3liu3 commentedHello clivesj !
Thanks for your reply !
My website is online, located in the root of my server and not multilingual. :(
(In local environment, that works fine...)
I add the $settings['trusted_host_patterns'] in my settings file but I read somewhere that there was no link between these two things.
I'm lost...
Comment #4
clivesj commentedDoes the error mention a spefic line?
Can I access your site?
You can also send information by PM if you want.
I can not replicate the error on any site and you are the first and only one reporting it.
If I know where it is coming from I can troubleshoot it.
Comment #5
clivesj commentedn case your Download Manager is NOT set to "Private" (Node edit page) can you check the results if you change this to "Private"?
Thank you
Comment #6
c3liu3 commentedOoooh thank you !
I changed the download manager like you suggest it ! (public > private)
and it works !!! :)
Big thanks ! :)
Comment #7
clivesj commentedOK, in that case I know where the problem is.
Are you OK using "Private" for the time. Using Private will serve the files using PHP, so there will be no redirecting involved.
This uses more resources than "public" but is better especially when downloading large files.
Public sends the browser to the file location. At the moment Filebrowser redirects to the full url location.
In some cases that might interfere as you are experiencing.
I will rewrite the redirection by using a relative URL and that should pass the redirect criteria.
Comment #8
c3liu3 commentedThe server where the website are for now has good performances (and the website is really simple for now), so I'm ok for private transfer :)
I'm really happy and I understand better what is the problem. GG ! :)
Comment #10
clivesj commentedComment #12
jptillman commentedI'm having this issue right now having migrated from a test server to a production system. It looks like filebrowser is storing the fully qualified URL for the files that are uploaded in the filebrowser_content table as serialized data and those get fed to the redirect functions when it tries to send users to public URLs.
This is practically impossible to fix in the database because the string values are length-qualified when serialized ("s:100" for a length of 100) and they don't deserialize if the lengths are incorrect. I am basically dead in the water right now.
I can't use private URLs as my users don't log in.
How can I fix this?
Comment #13
clivesj commentedHello,
Your users don’t need to be logged in to use the Private download system.
When you use the Private download, Filebrower (PHP) will serve the file. With public download, the browser gets redirected to the file Location. So it has no relation to the logged-in status.
You can always flush (emtpy the table, delete the rows). Filebrowser will re-create the contents.
In such a case the file id’s will change, which might be a problem if you rely on the old fid’s for other uses.
Filebrowser itself won’t care.
Let me know if you need more assistance.
Comment #14
suparnaa.dey commentedComment #5 works for me.