I believe I mentioned this in last week's IRC chat, but I had inquired about bringing back redirect exceptions.
I've not played with Security component, but I'm curious how it does its redirection. One of the challenges I had while developing the SimpleCASBundle (long before security component was publicly announced) was deciding how to interrupt controllers with a redirect if controller code called my requireUser() or requireUid() methods. Alternatives at the time would be for all controllers to check for a user/uid themselves and then manually redirect (seems anti-DRY) or have a base controller class that implemented this functionality (not very extensible). At this point, I plan to migrate SimpleCASBundle to support the security component; however, the question stands for other cases where a service might want to cause a redirect to occur, not necessarily for security reasons. The debug toolbar example isn't a very practical case for me, as it just catches redirects at the last possible moment (not what you'd want for a defensive, in-your-face redirect). I'm fine if this is intentionally omitted from Symfony2, but it would be helpful to have an official statement regarding the use case above, even if it's "you shouldn't be doing that" :D On Mon, Nov 15, 2010 at 3:44 PM, Lukas Kahwe Smith <[email protected]>wrote: > Hi, > > Since I got Fabien on record saying that redirect() is part of the view [1] > "<fabpot> redirects are part of the View" > > I totally agree and we have already seen that its kind of problematic for > controllers that want to support multiple output formats, that they have to > add logic into the controller to handle the different output format cases, > using a redirect in a few (actually one) cases. > > I wanted to discuss how to proceed here. Right now we have a setRedirect() > method in the Reponse class: > > public function setRedirect($url, $status = 302) > { > if (empty($url)) { > throw new \InvalidArgumentException('Cannot redirect to an empty > URL.'); > } > > $this->setStatusCode($status); > if (!$this->isRedirect()) { > throw new \InvalidArgumentException(sprintf('The HTTP status > code is not a redirect ("%s" given).', $status)); > } > > $this->headers->set('Location', $url); > $this->setContent(sprintf('<html><head><meta http-equiv="refresh" > content="1;url=%s"/></head></html>', htmlspecialchars($url, ENT_QUOTES))); > } > > Interestingly the redirect will be modified via a listener by the web debug > toolbar: > if ($response->headers->has('X-Debug-Token') && > $response->isRedirect() && $this->interceptRedirects) { > $r = new Response(); > $r->setContent( > sprintf('<html><head></head><body><h1>This Request redirects > to<br /><a href="%s">%s</a>.</h1></body></html>', > $response->headers->get('location'), > $response->headers->get('location')) > ); > $r->headers->set('X-Debug-Token', > $response->headers->get('X-Debug-Token')); > > $response = $r; > } > > regards, > Lukas Kahwe Smith > [email protected] > > [1] http://trac.symfony-project.org/wiki/IRCLogs20101111 > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected]<symfony-devs%[email protected]> > For more options, visit this group at > http://groups.google.com/group/symfony-devs?hl=en > -- jeremy mikola -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
