[5.x] Middleware to redirect absolute domains ending in dot #11782
I've adjusted this so that it doesn't automatically add the middleware. If you want to use it, you can add it yourself in

```diff
->withMiddleware(function (Middleware $middleware) {
+ $middleware->append(\Statamic\Http\Middleware\RedirectAbsoluteDomains::class);
})
```

It felt too heavy handed to be applied by default. It doesn't feel like the responsibility of the CMS to make such a broad change to your entire application, but I'm happy to make it available to be used. Also, by only applying it to the
Sounds good! Do we want something added to the docs for this so users know to apply this middleware when running into issues?
Yeah! We can document it after it's been released. Although, if you're eager, feel free to open a PR on the
Context: #11714
Domain names ending in dot are completely valid and documented separately in the RFCs
rfc-editor.org/rfc/rfc1035#:~:text=Domain names that end in a dot are called absolute%2C and are taken as complete.
rfc-editor.org/rfc/rfc1034#:~:text=character string which represents a complete domain name (often called "absolute"). For example%2C "poneria.ISI.EDU."
This causes problems when the cache is cleared: the homepage is cached with the `.` suffix. Every user navigating from the homepage will cause every subsequent cache to contain this `.` suffix, even when users are not navigating to the site with the `.` suffix.
Where the RFC defines it as being the absolute version of the same domain, browsers dealing with CORS do not agree, causing issues when CORS is used anywhere on the page.
https://statamic.dev./ has the same problem: if you visit the site and open your console, you can see it refuses to load the JS, and all internal links are replaced by https://statamic.dev./

This PR introduces an option to redirect domains ending in `.` to their non-`.` variant, e.g. https://example.com./example -> https://example.com/example, preventing URLs ending in `.` from being cached and ensuring the user is sent to a correctly functioning page.
Most major sites seem to deal with it by simply redirecting:
And some do actually break because they don't handle this:
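
Added example (not part of the PR or of Statamic's code): the origin mismatch, the dotted internal links and the redirect target described in this PR, reproduced with the standard WHATWG `URL` API. The function names and the `example.com` URLs are constructed for illustration.

```javascript
// Browsers compare origins (scheme + host + port) as exact strings.
// The URL parser keeps the trailing dot of an absolute domain name, so
// "example.com." and "example.com" are two different origins.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// A relative link on a page served from the dotted host resolves to the
// dotted host again, which is how the suffix spreads through cached pages.
function resolveInternalLink(path, pageUrl) {
  return new URL(path, pageUrl).href;
}

// Returns the URL a request should be redirected to when its host ends
// in ".", or null when the host is already in its non-dotted form.
// Port, path, query string and fragment are preserved.
function canonicalRedirect(rawUrl) {
  const url = new URL(rawUrl);
  if (!url.hostname.endsWith(".")) {
    return null;
  }
  const stripped = url.hostname.slice(0, -1);
  if (stripped === "") {
    return null; // nothing left to redirect to
  }
  url.hostname = stripped;
  return url.href;
}

// Constructed sample input.
const dotted = "https://example.com./example";
console.log(sameOrigin(dotted, "https://example.com/app.js"));
console.log(resolveInternalLink("/about", dotted));
console.log(canonicalRedirect(dotted));
```
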