Silex internal redirect without sending 301/302 to the browser

I am using Silex internal redirects to map public URLs to internal URLs, i.e. my.domain.com/something actually performs my.domain.com/something_else, using

$subRequest = Request::create(
    $redirect,
    $method, 
    [], // params
    $request->cookies->all(), 
    $request->files->all(), 
    $request->server->all()
);

if ($request->getSession())
{
    $subRequest->setSession($request->getSession());
}

return $app->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);

However, in the Chrome validation tool, this looks like a 301 to the resulting page, which is then served as the result. Is this "by design" because it presents an interesting security problem? Are there ways to limit this?

While I cannot send the code for the route controller something_else, the essence is

// controller provider
$controller_factory->match('/something_else/{param}', function(...) {
    include 'path/to/some/file';
});

and

// some/file - prepares a file to be downloaded
...
return new BinaryFileResponse();

There are no RedirectResponses in this file.

. /something (.. /abcdefghijklmnopqrstuvwxyz, (-> /something_else, -> /something_else_2, -> etc).

+4
3

: /.

:

$controller_factory->match('/something_else/{param}/', function($app, $param) { ... });
$controller_factory->match('/something', function($app) {
    // do the redirect to /something_else/{param}
    $redirect = '/something_else/hello';
    ...
});

? , Symfony , . , "" /something_else/something (. , ), , /something_else/something/ ( )

0

, . , something_else , something .

. Silex - -, , , - , . , . RedirectableUrlMatcher - , , , , .

< script:

<?php
// web/index.php
require_once __DIR__.'/../vendor/autoload.php';

$app = new Silex\Application();

$app->get(
    '/the-only-functional',
    function() use ($app) {
        return new \Symfony\Component\HttpFoundation\Response(
            $app['request']->get('q')
        );
    }
);

$app->get(
    '/{whatever}',
    function($whatever) use ($app) {
        $subRequest = \Symfony\Component\HttpFoundation\Request::create(
            '/the-only-functional',
            'GET',
            ['q'=>$whatever]
        );
        $response = $app->handle($subRequest);

        if (200 != $response->getStatusCode()) {
            throw new \Exception(
                "Aha, that's where the problem lies: "
                . $response->getStatusCode() . ":"
                . $response->getContent()
            );
        }

        return $response;
    }
)->value('whatever', 'nothing');

$app->run();

http-, :

php -S localhost:8081 -d "date.timezone=UTC" -t web  web/index.php

:

curl -v http://localhost:8081/
curl -v http://localhost:8081/blah-blah
curl -v http://localhost:8081/the-only-functional?q=direct
curl -v http://localhost:8081/?q=this+example+does+not+forward+query+string

200.

, . - -, , , .

0

You can see the Sub Request: http://silex.sensiolabs.org/doc/cookbook/sub_requests.html

use Silex\Application;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\HttpKernelInterface;

$app->get('/something', function (Application $app, Request $request) {
    $subRequest = Request::create('/something_else', ...);
    $response = $app->handle($subRequest, HttpKernelInterface::SUB_REQUEST, false);

    return $response;
}); 
-1
source
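
A guard for the situation discussed in this thread, as an added example that is not code from any of the posts: Silex's RedirectableUrlMatcher answers a request for a trailing-slash route made without the slash with a 301, and returning a sub-request's 3xx unchanged puts the internal URL in the Location header the browser receives. The helper name `forwardInternally` and the route bodies are hypothetical.

```php
<?php
// web/index.php (added example; forwardInternally() is a hypothetical helper, not a Silex API)
require_once __DIR__.'/../vendor/autoload.php';

use Silex\Application;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\HttpKernelInterface;

function forwardInternally(Application $app, Request $request, $path)
{
    $subRequest = Request::create(
        $path,
        $request->getMethod(),
        [], // params
        $request->cookies->all(),
        $request->files->all(),
        $request->server->all()
    );
    if ($request->hasSession()) {
        $subRequest->setSession($request->getSession());
    }

    // catch = false: exceptions from the internal route surface here
    $response = $app->handle($subRequest, HttpKernelInterface::SUB_REQUEST, false);

    if ($response->isRedirection()) {
        // The router (or the internal controller) answered with a 3xx. Its
        // Location header names the internal URL, so record it server-side
        // and fail instead of passing the redirect on to the browser.
        error_log(sprintf(
            'internal forward to "%s" produced %d -> %s',
            $path,
            $response->getStatusCode(),
            $response->headers->get('Location')
        ));
        throw new \LogicException('Internal forward produced a redirect');
    }

    return $response;
}

$app = new Application();

// Internal route, defined with a trailing slash as in the answer above
$app->match('/something_else/{param}/', function ($param) {
    return 'internal: '.$param;
});
// Public route: the forwarded path must match the route exactly, slash included
$app->get('/something', function (Application $app, Request $request) {
    return forwardInternally($app, $request, '/something_else/hello/');
});
$app->run();
```

Dropping the trailing slash from the forwarded path makes the sub-request return the 301 seen in the question; with the guard in place that shows up as a server-side error and a log line rather than as a redirect in the browser.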

Source: https://habr.com/ru/post/1613378/

