Problem/Motivation
While participating in the Drupalcon sprints here in Barcelona I wanted to be lazy and run Drupal with drush runserver instead of configuring apache or something on my machine. All seemed to be fine and dandy with the installation and all, until I clicked add content, created a node and clicked save where I was given an error message:
Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\TrustedRedirectResponse for it.
The same error occurs after creating a content type and probably may places where redirects are involved. The node in question does get created.
I know that this is a bit of a rare use case, but since so many of us Drupal developers rely on Drush it would be great to have it supported.
Proposed resolution
Identify what is causing the issue.
Remaining tasks
Create a patch that resolves the issue.
User interface changes
None
API changes
Beta phase evaluation
Issue category | Bug because Drupal is unusable for people using drush runserver |
---|---|
Issue priority | Normal because it only affects developers |
Prioritized changes | Prioritized because it's a bug fix. |
Comments
Comment #2
badrange CreditAttribution: badrange at Wunder commentedComment #3
badrange CreditAttribution: badrange at Wunder commentedComment #4
valthebaldComment #5
dpiThis seems to be killing some of my tests.
https://travis-ci.org/dpi/rng/jobs/107251251
Comment #6
baaluaanand CreditAttribution: baaluaanand commentedI am also getting the same error, while i am trying to redirect to an external URL. While submit a drupal form, i am validating the form and redirecting to an external URL. Please guide me to fix this issue.
Thanks
Baalu
Comment #7
dpi@baaluaanand if you are actually redirecting to an external URL then you are not experiencing this bug. See Redirect to external URLs now requires a special object. This bug relates to seeing the error message while trying to redirect to an internal route.
Comment #8
baaluaanand CreditAttribution: baaluaanand commentedHi
I am not able to use the TrustedRedirectResponse() in form_state->setRedirectUrl() function.
I am trying to redirect to an external URL while submitting a form (Drupal API form), but not able to redirect.
Please help me to fix this issue
Comment #9
dpi@ baaluaanand Please look for/post a different issue.
Comment #10
swentel CreditAttribution: swentel as a volunteer commentedThis works fine when I run 'drush runserver' so not sure if this is still an issue.
Comment #11
dpiGot a feeling it has something to do with the '.' in the URL:
http://ubuntu/admin/structure/rng/event_types/manage/node.event/edit
http://ubuntu/admin/structure/rng/event_types/manage/nodeevent/edit
http://192.168.99.110/admin/structure/rng/event_types/manage/node.event/edit
http://192.168.99.110/admin/structure/rng/event_types/manage/nodeevent_1/edit
http://192.168.99.110:8181/admin/structure/rng/event_types/manage/node.event/edit
http://192.168.99.110:8181/admin/structure/rng/event_types/manage/nodeevent/edit
http://ubuntu:8080/admin/structure/rng/event_types/manage/node.event/edit
http://ubuntu:8080/admin/structure/rng/event_types/manage/nodeevent_2/edit
http://192.168.99.110:8080/admin/structure/rng/event_types/manage/node.event/edit
http://192.168.99.110:8080/admin/structure/rng/event_types/manage/nodeevent_2/edit
All tested from the same server.
FAIL = 'Redirects to external URLs are not allowed by default' shown
From the above URL, they are redirecting to
/admin/structure/rng/event_types
. Referrer issue?Comment #12
swentel CreditAttribution: swentel as a volunteer commentedInteresting table, moving to active again.
Comment #13
dpiLooks like these are related:
#1543858: Add a startup configuration for the built-in PHP server that supports clean URLs
Drush Issue #1641
Comment #14
dpiI've posted this issue to Drush, I'd appreciate it if you could take a look @swentel.
You can copy the changes in that PR directly to
~/.composer/vendor/drush/drush/commands/runserver/d8-rs-router.php
if you dont want to pull the whole repo.Comment #17
clemens.tolboomWe have Drupal 8.2.3 installed in a sub directory with a .htaccess redirect rule (complete bad installation) and get this 'error' from a user create link. Drupal generates the URL without the subdirectory somehow. Not sure how related this is.
XREFs
#2666074: "Redirects to external URLs are not allowed by default" error while using form_state setRedirectUrl function
#2599342: Form state doesn't allow trusted redirects
Comment #22
portulacaPossibly the same underlying issue:
Redirects being built as
http://localhost:8888/drupal8
and not considered safe by RedirectResponseSubscriberhttps://www.drupal.org/project/drupal/issues/2612160#comment-11767977
Comment #23
badrange CreditAttribution: badrange commentedNot working with Drupal at the moment (possibly any more), so I'm unfollowing.
Comment #28
larowlanIs this still an issue?
Is it only related to how drush runserver constructs the base url?
Comment #30
quietone CreditAttribution: quietone at PreviousNext commented7 months ago it was asked if this is still a problem in core and there has been no reply. Therefore, I am closing this as outdated.