Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By dawehner on
Change record status:
Published (View all published change records)
Project:
Introduced in branch:
8.0.x
Issue links:
Description:
For better security the RedirectResponse object now per default does NOT allow external redirects.
In case you actively want to redirect to an external URL use \Drupal\Core\Routing\TrustedRedirectResponse
before
use Symfony\Component\HttpFoundation\RedirectResponse;
public function myController() {
return new RedirectResponse('http://example.com/foo/bar/');
}
after
use Drupal\Core\Routing\TrustedRedirectResponse;
public function myController() {
return new TrustedRedirectResponse('http://example.com/foo/bar/');
}
Do not use TrustedRedirectResponse with user submitted data, use a normal RedirectResponse for that case.
Impacts:
Module developers
Comments
TrustedRedirectResponse - Need advise or a patch file.
Just installing one of my site using the version 8.0.1 on Amazon AWS Linux.
Everything seems to work properly but each time a form is submitted I got always the following message:
"Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\TrustedRedirectResponse for it."
How to fix this '\Drupal\Core\Routing\TrustedRedirectResponse'?
Would be great if some one advise me or if there is a correct patch file. Thanks.
Found a patch that works for me
https://www.drupal.org/node/2612160#comment-10637490
This did the trick for me. Keep an eye on the thread though as it may have security implications.
Did you find out how to fix
Did you find out how to fix this? I'm getting this error as well, except only on a site where drupal is not installed at the root level.
_t
Same issue
I'm hitting the same problem in my shared hosting environment. Drupal not at the root and i'm seeing the same error all the time.
Redirecting forms
This means that to redirect a form to an external url, you need to use
$form_state->setRedirectResponse()
not$form_state->setRedirectUrl()
.