3 namespace Drupal\Core\EventSubscriber;
5 use Drupal\Core\Routing\RedirectDestinationInterface;
6 use Drupal\Core\Utility\Error;
7 use Psr\Log\LoggerInterface;
8 use Symfony\Component\HttpFoundation\Response;
9 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
10 use Symfony\Component\HttpKernel\HttpKernelInterface;
11 use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
12 use Symfony\Component\Routing\Matcher\UrlMatcherInterface;
15 * Exception subscriber for handling core default HTML error pages.
17 class DefaultExceptionHtmlSubscriber extends HttpExceptionSubscriberBase {
22 * @var \Symfony\Component\HttpKernel\HttpKernelInterface
24 protected $httpKernel;
27 * The logger instance.
29 * @var \Psr\Log\LoggerInterface
34 * The redirect destination service.
36 * @var \Drupal\Core\Routing\RedirectDestinationInterface
38 protected $redirectDestination;
41 * A router implementation which does not check access.
43 * @var \Symfony\Component\Routing\Matcher\UrlMatcherInterface
45 protected $accessUnawareRouter;
48 * Constructs a new DefaultExceptionHtmlSubscriber.
50 * @param \Symfony\Component\HttpKernel\HttpKernelInterface $http_kernel
52 * @param \Psr\Log\LoggerInterface $logger
54 * @param \Drupal\Core\Routing\RedirectDestinationInterface $redirect_destination
55 * The redirect destination service.
56 * @param \Symfony\Component\Routing\Matcher\UrlMatcherInterface $access_unaware_router
57 * A router implementation which does not check access.
59 public function __construct(HttpKernelInterface $http_kernel, LoggerInterface $logger, RedirectDestinationInterface $redirect_destination, UrlMatcherInterface $access_unaware_router) {
60 $this->httpKernel = $http_kernel;
61 $this->logger = $logger;
62 $this->redirectDestination = $redirect_destination;
63 $this->accessUnawareRouter = $access_unaware_router;
69 protected static function getPriority() {
70 // A very low priority so that custom handlers are almost certain to fire
71 // before it, even if someone forgets to set a priority.
78 protected function getHandledFormats() {
83 * Handles a 401 error for HTML.
85 * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
86 * The event to process.
88 public function on401(GetResponseForExceptionEvent $event) {
89 $this->makeSubrequest($event, '/system/401', Response::HTTP_UNAUTHORIZED);
93 * Handles a 403 error for HTML.
95 * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
96 * The event to process.
98 public function on403(GetResponseForExceptionEvent $event) {
99 $this->makeSubrequest($event, '/system/403', Response::HTTP_FORBIDDEN);
103 * Handles a 404 error for HTML.
105 * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
106 * The event to process.
108 public function on404(GetResponseForExceptionEvent $event) {
109 $this->makeSubrequest($event, '/system/404', Response::HTTP_NOT_FOUND);
113 * Makes a subrequest to retrieve the default error page.
115 * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
116 * The event to process.
118 * The path/url to which to make a subrequest for this error message.
119 * @param int $status_code
120 * The status code for the error being handled.
122 protected function makeSubrequest(GetResponseForExceptionEvent $event, $url, $status_code) {
123 $request = $event->getRequest();
124 $exception = $event->getException();
127 // Reuse the exact same request (so keep the same URL, keep the access
128 // result, the exception, et cetera) but override the routing information.
129 // This means that aside from routing, this is identical to the master
130 // request. This allows us to generate a response that is executed on
131 // behalf of the master request, i.e. for the original URL. This is what
132 // allows us to e.g. generate a 404 response for the original URL; if we
133 // would execute a subrequest with the 404 route's URL, then it'd be
134 // generated for *that* URL, not the *original* URL.
135 $sub_request = clone $request;
137 // The routing to the 404 page should be done as GET request because it is
138 // restricted to GET and POST requests only. Otherwise a DELETE request
139 // would for example trigger a method not allowed exception.
140 $request_context = clone ($this->accessUnawareRouter->getContext());
141 $request_context->setMethod('GET');
142 $this->accessUnawareRouter->setContext($request_context);
144 $sub_request->attributes->add($this->accessUnawareRouter->match($url));
146 // Add to query (GET) or request (POST) parameters:
147 // - 'destination' (to ensure e.g. the login form in a 403 response
148 // redirects to the original URL)
149 // - '_exception_statuscode'
150 $parameters = $sub_request->isMethod('GET') ? $sub_request->query : $sub_request->request;
151 $parameters->add($this->redirectDestination->getAsArray() + ['_exception_statuscode' => $status_code]);
153 $response = $this->httpKernel->handle($sub_request, HttpKernelInterface::SUB_REQUEST);
154 // Only 2xx responses should have their status code overridden; any
155 // other status code should be passed on: redirects (3xx), error (5xx)…
156 // @see https://www.drupal.org/node/2603788#comment-10504916
157 if ($response->isSuccessful()) {
158 $response->setStatusCode($status_code);
161 // Persist any special HTTP headers that were set on the exception.
162 if ($exception instanceof HttpExceptionInterface) {
163 $response->headers->add($exception->getHeaders());
166 $event->setResponse($response);
168 catch (\Exception $e) {
169 // If an error happened in the subrequest we can't do much else. Instead,
170 // just log it. The DefaultExceptionSubscriber will catch the original
171 // exception and handle it normally.
172 $error = Error::decodeException($e);
173 $this->logger->log($error['severity_level'], '%type: @message in %function (line %line of %file).', $error);