Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
hook_drupal_goto_alter() is being used to alter URLs during redirects to turn HTTPS on/off. But it isn't checking for redirects to external URLs, which could cause problems.
Attached patch solves the issue.
Comment | File | Size | Author |
---|---|---|---|
#1 | securepages-external-urls-altered-during-drupal_goto-redirects-2413291.patch | 900 bytes | brunascle |
Comments
Comment #1
brunascle CreditAttribution: brunascle commentedComment #2
elsteff1385 CreditAttribution: elsteff1385 commentedsubscribing.
This bug was messing up redirects to payment service providers. External https:// redirects, coming from drupal_goto(), went through Secure Pages and were directed back to http:// leading to 404 error's on several bank's payment pages.