Compare admin domain from the start, not as a substring #38791

Open
wants to merge 4 commits into
base: 2.4-develop

Conversation

zapotocnylubos

Description (*)

When a custom admin URL is used, the current algorithm wrongly detects the custom admin URL when it's in the form of a subdomain (for example admin.domain.com).

Related Pull Requests

None

Fixed Issues (if relevant)

  1. Fixes Magento admin URL routing wrong detection and CORS errors #37663

Manual testing scenarios (*)

Install Magento and make sure it is working; the URL should be m2.domain.local

  1. Enable and set the admin path to "/admin123" (in env.php), and make sure admin UI logs in after changing the admin path
  2. Create a frontend (store_view) on the domain "m2.domain.local"
  3. Set the custom admin URL to "admin.m2.domain.local". Also, make sure you are updating the virtual host and host files accordingly. Restart the httpd server
  4. Access using a custom URL; your application should work

Questions or comments

None

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
  • All automated tests passed successfully (all builds are green)


m2-assistant bot commented Jun 4, 2024

Hi @zapotocnylubos. Thank you for your contribution!
Here are some useful tips on how you can test your changes using Magento test environment.

Add the comment under your pull request to deploy test or vanilla Magento instance:
  • @magento give me test instance - deploy test instance based on PR changes
  • @magento give me 2.4-develop instance - deploy vanilla Magento instance

❗ Automated tests can be triggered manually with an appropriate comment:

  • @magento run all tests - run or re-run all required tests against the PR changes
  • @magento run <test-build(s)> - run or re-run specific test build(s)
    For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names.

Allowed build names are:
  1. Database Compare
  2. Functional Tests CE
  3. Functional Tests EE
  4. Functional Tests B2B
  5. Integration Tests
  6. Magento Health Index
  7. Sample Data Tests CE
  8. Sample Data Tests EE
  9. Sample Data Tests B2B
  10. Static Tests
  11. Unit Tests
  12. WebAPI Tests
  13. Semantic Version Checker

You can find more information about the builds here
ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review.


For more details, review the Code Contributions documentation.
Join Magento Community Engineering Slack and ask your questions in #github channel.

@m2-community-project m2-community-project bot added the Priority: P2 A defect with this priority could have functionality issues which are not to expectations. label Jun 4, 2024
@zapotocnylubos zapotocnylubos reopened this Jun 4, 2024
@zapotocnylubos
Author

@magento run all tests

@lbajsarowicz
Contributor

@magento run Functional Tests B2B, Functional Tests CE, Functional Tests EE

@lbajsarowicz
Contributor

@magento run WebAPI Tests, Sample Data Tests B2B, Sample Data Tests CE, Sample Data Tests EE

@zapotocnylubos
Author

I rebased the branch for easier integration (GitHub suggested that and proposed easy button here).

@zapotocnylubos
Author

@magento run all tests

@zapotocnylubos
Author

@magento run Sample Data Tests B2B, Sample Data Tests CE, Sample Data Tests EE


Failed to run the builds. Please try to re-run them later.

@lbajsarowicz
Contributor

Thank you for your input @zapotocnylubos, this resolves the issue we are having on a few projects. Please don't make any changes to the PR, don't update it with the latest leading branch.

I brought some 👍🏻 for you, so the PR will be processed (hopefully) sooner.

@lbajsarowicz
Contributor

@ihor-sviziev and @andrewbess - I need your review in order to proceed with this ticket.
The PR is important for Adobe Commerce support that can not resolve the issue for 1+ month.

Contributor

@ihor-sviziev ihor-sviziev left a comment


Hi @zapotocnylubos ,
Could you please cover your change with a unit test?

@lbajsarowicz
Contributor

lbajsarowicz commented Oct 30, 2024

@zapotocnylubos or @ihor-sviziev Could you cherry pick these two commits zapotocnylubos#1 to current PR?

@zapotocnylubos
Author

cherry picked, thank you @lbajsarowicz

@zapotocnylubos
Author

@magento run all tests

Comment on lines +237 to +248
'url' => 'https://magento.loc',
'host' => 'magento.loc',
'useCustomAdminUrl' => '1',
'customAdminUrl' => 'https://admin.magento.loc',
'expectedValue' => false
],
'visitingAdminInSubdomain' => [
'url' => 'https://magento.loc',
'host' => 'admin.magento.loc',
'useCustomAdminUrl' => '1',
'customAdminUrl' => 'https://admin.magento.loc',
'expectedValue' => true
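
Review bot: the two data sets visible here only pin the exact cases, 'host' equal to the storefront host (expected false) and 'host' equal to the custom admin host in 'visitingAdminInSubdomain' (expected true); no data set has a 'host' that merely begins with, or is a truncated prefix of, admin.magento.loc. Add data sets such as 'host' => 'admin.magento.loc.example' and 'host' => 'admin.mag', each with an explicit 'expectedValue', so the behaviour at the hostname boundary is decided by the test rather than left implicit.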
Contributor

@ihor-sviziev ihor-sviziev Oct 31, 2024


@zapotocnylubos @lbajsarowicz, shouldn't it be a URL ending with a slash like this? (I didn't test it)
Could you check what actual value you're having here?

Suggested change
'url' => 'https://magento.loc',
'host' => 'magento.loc',
'useCustomAdminUrl' => '1',
'customAdminUrl' => 'https://admin.magento.loc',
'expectedValue' => false
],
'visitingAdminInSubdomain' => [
'url' => 'https://magento.loc',
'host' => 'admin.magento.loc',
'useCustomAdminUrl' => '1',
'customAdminUrl' => 'https://admin.magento.loc',
'expectedValue' => true
'url' => 'https://magento.loc/',
'host' => 'magento.loc',
'useCustomAdminUrl' => '1',
'customAdminUrl' => 'https://admin.magento.loc/',
'expectedValue' => false
],
'visitingAdminInSubdomain' => [
'url' => 'https://magento.loc/',
'host' => 'admin.magento.loc',
'useCustomAdminUrl' => '1',
'customAdminUrl' => 'https://admin.magento.loc/',
'expectedValue' => true
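
Review bot: replacing the slash-less values of 'url' and 'customAdminUrl' with the trailing-slash form removes coverage of the slash-less form. Keep both variants as separate data sets so the test shows that the result does not depend on whether the configured URL ends with '/'.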

Contributor

@ihor-sviziev ihor-sviziev Oct 31, 2024


Just wondering why we have a "starts with" logic for the admin hostname. Shouldn't it be fully compared?
In theory, we can proxy any domain to something like admin.m2website.com to admin.m2website.com.myowndomain.com, and it will pass. I'm not sure if that could cause any issues directly, but might lead to finding additional vulnerabilities based on this behavior.

What do you think?
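
The comparison strategies discussed in this review, evaluated side by side, as an added example that is not code from the pull request or from Magento. The function names are hypothetical; the admin URL and the first two hosts come from the test data quoted above, and the last two hosts are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not Magento code. Function names are hypothetical.

/** Lower-cased host part of a URL without a trailing dot; '' if there is none. */
function hostOf(string $url): string
{
    // parse_url() yields null for a missing host and false for a malformed URL.
    $host = parse_url($url, PHP_URL_HOST);
    return is_string($host) ? strtolower(rtrim($host, '.')) : '';
}

/** Evaluate each comparison strategy for one request host. */
function compareStrategies(string $adminUrl, string $requestHost): array
{
    $admin = hostOf($adminUrl);
    $host  = strtolower(rtrim($requestHost, '.'));
    if ($admin === '' || $host === '') {
        // Fail closed: in PHP 8 an empty needle matches at offset 0.
        return ['substring' => false, 'adminStartsWithHost' => false,
                'hostStartsWithAdmin' => false, 'exact' => false];
    }
    return [
        'substring'           => strpos($admin, $host) !== false,
        'adminStartsWithHost' => strpos($admin, $host) === 0,
        'hostStartsWithAdmin' => strpos($host, $admin) === 0,
        'exact'               => $admin === $host,
    ];
}

$adminUrl = 'https://admin.magento.loc';   // customAdminUrl from the test data
$hosts = [
    'admin.magento.loc',              // test data: the admin host itself
    'magento.loc',                    // test data: the storefront host
    'admin.mag',                      // constructed: truncated admin host
    'admin.magento.loc.example.test', // constructed: admin host used as a prefix
];

foreach ($hosts as $h) {
    $flags = array_map(
        fn (bool $b): string => $b ? 'yes' : 'no',
        compareStrategies($adminUrl, $h)
    );
    printf("%-32s %s\n", $h, json_encode($flags));
}
```

Only the exact comparison accepts the admin host while rejecting the other three; each looser strategy accepts at least one of them.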

@engcom-Hotel
Contributor

@magento run all tests

@engcom-Hotel
Contributor

We are moving this PR to Changes Requested as this PR is already reviewed.

@engcom-Bravo
Contributor

engcom-Bravo commented Nov 14, 2024

Hi @zapotocnylubos,

Thanks for your contribution!

As per this comment #37663 (comment)

The Magento core engineering team is working on the issue which you have addressed in this PR. The team will cherry-pick the commits from your PR and may do further implementation to cover a few more scenarios as needed. We will reach out to you if we need more information. For now, you can pause work on this PR. We are moving this PR to On Hold.

Thank you once again!

Labels
Priority: P2 A defect with this priority could have functionality issues which are not to expectations. Progress: needs update Project: Community Picked PRs upvoted by the community
Projects
Status: On Hold
Development

Successfully merging this pull request may close these issues.

Magento admin URL routing wrong detection and CORS errors
6 participants