Skip to content

[5.7] MethodNotAllowedHTTPException on Intended Redirect #25685

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 9 commits into from
Closed

[5.7] MethodNotAllowedHTTPException on Intended Redirect #25685

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
fcaf749
#25196: Don't put POST or Ajax URLs into session as the intended URL …
mcordingley Sep 18, 2018
adfaa87
#25196: Fall back to the previous URL, so the user can be sent as clo…
mcordingley Sep 18, 2018
3f9dce4
#25196: Test intended fallback behavior.
mcordingley Sep 18, 2018
9013e5e
Make StyleCI happy.
mcordingley Sep 18, 2018
12c2ff4
Fix up mocks.
mcordingley Sep 18, 2018
7ddaf1c
Fix verb.
mcordingley Sep 18, 2018
21ecbe2
Explicitly override mocked method.
mcordingley Sep 18, 2018
a7b6a0f
Move `byDefault()` up. The docs are unclear.
mcordingley Sep 18, 2018
3ebfefd
Support future developers by proactively marking added setup expectat…
mcordingley Sep 18, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion src/Illuminate/Routing/Redirector.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,13 @@ public function refresh($status = 302, $headers = [])
*/
public function guest($path, $status = 302, $headers = [], $secure = null)
{
$this->session->put('url.intended', $this->generator->full());
$request = $this->generator->getRequest();

$intended = $request->method() === 'GET' && $request->route() && ! $request->ajax() ?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Out of curiosity - why is ajax specifically excluded?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because we don't want to redirect the user to an AJAX route. We want to only redirect someplace that can be meaningfully loaded up in the browser.

See also Illuminate\Session\Middleware\StartSession::storeCurrentUrl().

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An unlikely --but possible-- scenario is that the user has an expired session, makes an AJAX request, then manually goes over to the login page to log back in. In that case, the AJAX request could have gotten stored as the intended route, since there'd be nothing to overwrite the value in session.

$this->generator->full() :
$this->generator->previous();

$this->session->put('url.intended', $intended);

return $this->to($path, $status, $headers, $secure);
}
Expand Down
14 changes: 14 additions & 0 deletions tests/Routing/RoutingRedirectorTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ public function setUp()
$this->headers = m::mock('Symfony\Component\HttpFoundation\HeaderBag');

$this->request = m::mock('Illuminate\Http\Request');
$this->request->shouldReceive('method')->andReturn('GET')->byDefault();
$this->request->shouldReceive('route')->andReturn(true)->byDefault();
$this->request->shouldReceive('ajax')->andReturn(false)->byDefault();
$this->request->headers = $this->headers;

$this->url = m::mock('Illuminate\Routing\UrlGenerator');
Expand Down Expand Up @@ -70,6 +73,17 @@ public function testGuestPutCurrentUrlInSession()
$this->assertEquals('http://foo.com/login', $response->getTargetUrl());
}

public function testGuestPutPreviousUrlInSession()
{
$this->request->shouldReceive('method')->once()->andReturn('POST');
$this->session->shouldReceive('put')->once()->with('url.intended', 'http://foo.com/bar');
$this->url->shouldReceive('previous')->once()->andReturn('http://foo.com/bar');

$response = $this->redirect->guest('login');

$this->assertEquals('http://foo.com/login', $response->getTargetUrl());
}

public function testIntendedRedirectToIntendedUrlInSession()
{
$this->session->shouldReceive('pull')->with('url.intended', '/')->andReturn('http://foo.com/bar');
Expand Down