Commit 158a2125 authored by Stefan Bürk

[BUGFIX] Avoid redirect loop for empty redirect url

Sending a redirect response with an empty `Location` is
invalid per RFC. Browser vendors are dealing differently
with it.

* Firefox executes a redirect to the current url, leading
  to an `endless` redirect chain - stopping it after some
  recursions with a corresponding notice in the network tab.
* Chrome determines this and is doing nothing at all with
  it - leading to a white page.

From the [1] RFC regarding invalid URI spec for `Location`:

> Note: Some recipients attempt to recover from Location
>       fields that are not valid URI references. This
>       specification does not mandate or define such
>       processing, but does allow it for the sake of
>       robustness.

A matching redirect record with a manually entered `/` as
redirect target leads in TYPO3 v11 to this behaviour. This
can be mitigated by selecting the corresponding site root.

For TYPO3 v12 and upwards a change in the LinkHandling has
been introduced which properly handles the `/` in the link
generation and correctly returning a `/` as redirect url.
That change has quite some impact and is not reasonable to
be backported to TYPO3 v11 within #100958.

This change adds an additional guard to the `RedirectHandler`
to handle empty redirect urls as endless loop, just logging
it and not responding with a redirect. This helps in v11 and
keeps a safety guard for the future in this place.

[1] https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.2

Resolves: #100791
Related: #100958
Releases: main, 12.4, 11.5
Change-Id: I2af2d5bf759a277ade45bd0f7740ffe0099003b3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81280


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
parent 53230303
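
The guard this commit message describes, sketched as an added example: it is not the TYPO3 `RedirectHandler` code, and the function names and sample URLs are hypothetical. It goes beyond the empty-URL case by also skipping a target that resolves to the request URL itself.

```php
<?php
declare(strict_types=1);

// Added illustration: names below are hypothetical, not TYPO3 core API.

/** Resolve an absolute URL or absolute-path target against the request URL.
 *  Other relative reference forms are out of scope for this sketch. */
function resolveTarget(string $requestUrl, string $target): string
{
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $target) === 1) {
        return $target;
    }
    $p = parse_url($requestUrl);
    $origin = ($p['scheme'] ?? 'https') . '://' . ($p['host'] ?? '')
        . (isset($p['port']) ? ':' . $p['port'] : '');
    return $origin . '/' . ltrim($target, '/');
}

/**
 * Returns [status, headers] for a usable redirect, or null when the target
 * is empty or identical to the request URL (either would loop or stall).
 */
function buildRedirect(string $requestUrl, string $target, int $status, callable $log): ?array
{
    $target = trim($target);
    if ($target === '') {
        $log('Redirect skipped, empty target for ' . $requestUrl);
        return null;
    }
    $resolved = resolveTarget($requestUrl, $target);
    if ($resolved === $requestUrl) {
        $log('Redirect skipped, target equals request ' . $requestUrl);
        return null;
    }
    return [$status, ['Location' => $resolved]];
}

// Constructed sample records: [request URL, generated target, status code].
$samples = [
    ['https://example.org/old', '', 307],      // link generation returned nothing
    ['https://example.org/old', '/new', 307],  // ordinary redirect
    ['https://example.org/old', '/old', 301],  // record pointing at itself
];
$log = static function (string $message): void { error_log($message); };
foreach ($samples as [$url, $target, $status]) {
    $r = buildRedirect($url, $target, $status, $log);
    echo $url, ' -> ', $r === null ? 'no redirect' : $r[0] . ' ' . $r[1]['Location'], PHP_EOL;
}
```

A null return means the caller should continue normal request handling instead of emitting a 3xx response, so the skipped record shows up in the log rather than as a browser-side loop or blank page.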