Enhanced on_redirect closure
aimeos opened this issue · comments
Description
Currently, you can pass a closure which is called when redirects are allowed and at least one occurs:
https://docs.guzzlephp.org/en/stable/request-options.html#allow-redirects
The closure can only read the request, response and target URI objects but cannot modify them so it's use is limited. If it can return a modified URI object instead which is used for the next request or NULL if no more request should be made, then custom security policies for redirects could be implemented.
Example
$onRedirect = function(
RequestInterface $request,
ResponseInterface $response,
UriInterface $uri
) {
return in_array( $uri->getHost(), ['secure.com'] ) ? $uri : null;
};
Additional context
Affected lines:
guzzle/src/RedirectMiddleware.php
Lines 99 to 107 in 1dd98b0
The relevant change would be:
$uri = $nextRequest->getUri();
if (isset($options['allow_redirects']['on_redirect'])) {
$uri = ($options['allow_redirects']['on_redirect'])(
$request,
$response,
$uri
);
}
if(!$uri) {
return $response;
}
$promise = $this($nextRequest->withUri($uri), $options);
As this would be a breaking change, it can be implemented for Guzzle 8.0 earliest (because if no Uri object is returned by the closures like now, redirects are not followed any more),
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 2 weeks if no further activity occurs. Thank you for your contributions.
Any comments for the proposed change?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 2 weeks if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 2 weeks if no further activity occurs. Thank you for your contributions.