Closed (duplicate)
Project:
Masquerade
Version:
8.x-2.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
1 Mar 2016 at 23:32 UTC
Updated:
12 Oct 2022 at 18:08 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #2
realgt commentedthis issue is happening for me as well, when you unmasquerade the redirect takes you back to <front> page instead of previous page (although i don't propose the js destination solution)
Comment #3
realgt commentedaffects 8.x-2.0-beta4
Comment #4
realgt commentedheres a patch that allowed unmasquerade redirect to function correctly
Comment #5
realgt commentedupdated patch fixes paths
Comment #6
realgt commentedupdate to remove trailing whitespace
Comment #7
andypostFrom security POV the referrer header is insecure and surely can't be used instead of destination
Comment #8
interdruper commentedIMHO, src/Controller/SwitchController.php would need a little refactoring. Right now the referer is ignored, since destination always is valid and it contains the url defined in the route 'masquerade.unmasquerade', that is:
/unmasquerade?token=...If the refererer exists, an additional parameter would be required, that is:
/unmasquerade?token=...&destination=/referer/pathComment #9
murzAs an alternative, we can fill "&destination" parameter on /unmasquerade link at frontend via JS, for keep this link cacheable globally, not per-url. And maybe even do this at "onClick" event.
Comment #10
pelicani commentedNote : another patch is available that handles this situation really well ...
https://www.drupal.org/project/masquerade/issues/3158235
this patch handles the referrer without adding a destination to the url.
Comment #11
solideogloria commentedClosing as a duplicate of the other issue.
#3158235: MasqueradeBlock & getRedirectResponse improvements
Patch #4 of the linked issue works nicely.