Magento2: When the Admin is on a different domain, redirect always fails and causes it to redirect to the front page

@4DallasC, thank you for your report.
We've created internal ticket(s) MAGETWO-84133 to track progress on the issue.

@okorshenko I would like to work on this one, can it be assigned to me?

@briscoda here you go!

@KarlDeux

Having trouble reproducing this. It seems like this all works the way that it should.

I went into the admin and went to:

Store -> Configuration -> Advanced -> Admin

Where I changed the following values.

The attached screencasts show what I did to try to reproduce this. Let me know if there is something different that I should do.

Custom admin domain and path:
https://www.screencast.com/t/rRuMArVYUi

Custom admin path only:
https://www.screencast.com/t/9D9LWq6CEXz

Hello Paul,

The custom domain should be:-
https://admin.screencast.com/t/rRuMArVYUi
https://www.screencast.com/t/rRuMArVYUi

When changing the subdomain for the admin server, this cause a problem,
as the main site as given by getUrl returns www.screencast.com and not
admin.screencast.com

Thanks,
Dallas.

On 3/02/2018 2:01 PM, Paul Briscoe wrote:
>

@KarlDeux https://github.com/karldeux

Having trouble reproducing this. It seems like this all works the way
that it should.

I went into the admin and went to:

Store -> Configuration -> Advanced -> Admin

Where I changed the following values.
settings_one
https://user-images.githubusercontent.com/197987/35762429-8197947e-0864-11e8-8b6f-59d69c954aff.png

The attached screencasts show what I did to try to reproduce this. Let
me know if there is something different that I should do.

Custom admin domain and path:
https://www.screencast.com/t/rRuMArVYUi

Custom admin path only:
https://www.screencast.com/t/9D9LWq6CEXz

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/magento/magento2/issues/12354#issuecomment-362771904,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJt7BNvdJw9VRHNaOy1PQ2ry_4qEpLLlks5tQ8wOgaJpZM4QjzTK.

Hi Dallas,

I think that is what I have done, but just with different names. I notice that in the database there are entries that get created the base_url for the "stores" scope for scope_id "0".

I've tried changing this config in a variety of ways.

Hello Paul,

That tactic may have worked in Magento 1, but does not work in Magento

1. In Magento 2 you need to set the Admin base URL, which is different
   to both the secure and un-secure urls:-

Admin Base URL

Obviously the function in question is not looking at the 'Custom Admin
URL' when determining if the domain is internal.

Regards
Dallas Clarke

MBA'13 (IT Mgmt) UTS
BSc'03 (CS) & LLB'03 UNSW
Managing Director
Ekky Software Pty Ltd

Homepage: http://www.ekkysoftware.com
Mobile: 0424 990 497
Email: [email protected]

Notice: The information contained in this email is confidential. If you
are not the intended recipient, you may not disclose or use the
information in this email in any way.

On 4/02/2018 1:04 AM, Paul Briscoe wrote:
>

Hi Dallas,

I think that is what I have done, but just with different names. I
notice that in the database there are entries that get created the
base_url for the "stores" scope for scope_id "0".

screen shot 2018-02-03 at 9 01 32 am
https://user-images.githubusercontent.com/197987/35767831-151c8b4e-08c1-11e8-97c1-2796e1abc5a8.png

I've tried changing this config in a variety of ways.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/magento/magento2/issues/12354#issuecomment-362810108,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJt7BI4oO66H4xEfI0rK7P9QkKfVTc4dks5tRGd1gaJpZM4QjzTK.

Hi Dallas,

Maybe I have done something incorrectly in my configuration? In the screenshot what I was illustrating was that I changed the settings:

"Use Custom Admin URL" to "Yes" and
"Custom Admin URL" to "http://squashadmin.hedevm2.com/"

Which I think follows Step 1 in the steps to reproduce.

Then for Step 2 it says to "use a page that responds via the redirect" which happens automatically when I save the configuration. Then, if I try to go to the original admin URL I get a 404. Is this the redirect that you are talking about?

Maybe I just need more clarification around how/when you are expecting that redirect would happen. Also, if you can identify something in the configuration that I should modify in my setup that I haven't set correctly, please let me know.

From my testing, I always end up at the M2 admin screen and the screenshots I showed of the database were settings that M2 added automatically when the config was saved.

Talk to you soon!

Paul

Hello Paul,

Yes. Hopefully you can read the function _isUrlInternal, as shown and
see that it doesn't consider the change in domain by the "Custom Admin
URL" setting. Can you please add the logic to check if "Use Custom Admin
URL" is true, then check the domain via the "Custom Admin URL" value
instead of the "getBaseUrl" function.

In Magento 1, the Mage::getStoreConfig() function would default to a
store ID of 0 for the admin section. With Magento 2, the
$this->_storeManeger->getStore() will return the default store, ie store
ID of 1. This means the function "getBaseUrl" will return the domain
name for the default frontend store even when it's in the admin section,
with a custom domain name.

Regards
Dallas Clarke

MBA'13 (IT Mgmt) UTS
BSc'03 (CS) & LLB'03 UNSW
Managing Director
Ekky Software Pty Ltd

Homepage: http://www.ekkysoftware.com
Mobile: 0424 990 497
Email: [email protected]

Notice: The information contained in this email is confidential. If you
are not the intended recipient, you may not disclose or use the
information in this email in any way.

On 4/02/2018 9:04 AM, Paul Briscoe wrote:
>

Hi Dallas,

Maybe I have done something incorrectly in my configuration? In the
screenshot what I was illustrating was that I changed the settings:

"Use Custom Admin URL" to "Yes" and
"Custom Admin URL" to "http://squashadmin.hedevm2.com/"

Which I think follows Step 1 in the steps to reproduce.

Then for Step 2 it says to "use a page that responds via the redirect"
which happens automatically when I save the configuration. Then, if I
try to go to the original admin URL I get a 404. Is this the redirect
that you are talking about?

Maybe I just need more clarification around how/when you are expecting
that redirect would happen. Also, if you can identify something in the
configuration that I should modify in my setup that I haven't set
correctly, please let me know.

From my testing, I always end up at the M2 admin screen and the
screenshots I showed of the database were settings that M2 added
automatically when the config was saved.

Talk to you soon!

Paul

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/magento/magento2/issues/12354#issuecomment-362858158,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJt7BFGWEUi1L5hhUtsrtffYwJl3xyooks5tRNgJgaJpZM4QjzTK.

Hi Dallas,

OK! I see what you're talking about, but there seem to be other kinds of related issues around this.

See: https://github.com/magento/magento2/issues/9741, which I think is a little bit different, but depending on where in the code and your use case that could be something. I tested getting that request value and got back 0.

And then I wanted to validate that you are just using that _isUrlInternal method to validate the admin scope before calling getBaseUrl?

I also wanted to call out that if you are writing a module you can set the scope to 0 to ensure that your instance of the storeManager is using the admin scope which then returns the correct base_url value from the database. I also think that the usage of the _isUrlInternal method isn't used anywhere else in the M2 codebase except inside of this case. The only references that I find for it are in a deprecated methods in dev test.

So, although we can add the scope check like you are mentioning, I'm just kind of wondering if it would be better to just call the storeManager from the admin scope rather than putting in a patch on a method that might not be used in the future.

What are your thoughts?

$myStoreUrl = $this->_storeManager->getStore()->getBaseUrl(); $anotherTest = $this->_storeManager->getStore(0)->getBaseUrl();

Talk to you soon,

Hello @briscoda

I don't think #9741 is a bug. Magento 1 behaved differently in many ways, not all of those differences are wrong. I personally don't think that the admin with a NULL store ID, that would force the default settings to be loaded is the best solution. In Magento 2, there needs to be a valid object returned by the Store Manager, and really the Admin website should have been given it's own store ID and the default store should have had a different store ID. Oh well, something to save for Magento 3.

I think it is better to test all three possible values to determine whether the re-direct URL is internal and not just the secure and unsecure base URLs. Make life simple for yourself.

We are having the same issue with one of your magento 2 instance.

Oddly enough, we have a store that was created in 2.1.X and was migrated to 2.2.4 recently that never faced this issue (even after updates). We started a brand new 2.2.4 (same hosting setup, exactly the same code base) and are now facing this issue on the new store, where we are unable to reach the admin once the custom url are set.

We are trying to compare every entry of "core_config_data" to see if a settings could be the culprit, but nothing found so far.

Hey, not sure if related but I'll drop my 2 cents.
Migrated domain from live to test server needed to update base url's but the bin/magento command was not doing it for some reason....
Updated in DB.
Find the previous store config site base urls in the core config data table.
Update the ones where appropriate eg web/secure and web/unsecure base_link_url or base_url etc. to the appropriate new path.

SELECT path,value FROM core_config_data WHERE value LIKE '%olddomain%';
-- example
UPDATE core_config_data SET value = 'https://yourdomain/' WHERE path = 'web/unsecure/base_link_url';
UPDATE core_config_data SET value = 'https://yourdomain/' WHERE path = 'web/secure/base_link_url';

Resolved this for me, in my case any links/admin were redirecting to the real site not the test site domain.

Still having this issue in 2.2.6

Having the same problem. I also think there are different problems. (Magento 2.3)

StoreManager
In my opinion the StoreManager should return 0 when I'm in the admin area .. that seems most logical for me.

getBaseUrl
This method should handle the special case for the diffrent custom admin url.

I don't see the need for having "admin/url/use_custom" AND "admin/url/custom". We already have a base admin value with store id 0. If we remove these configs and the StoreManager return 0 in admin everything should be possible and the problems disapper.

Hi @rav-redchamps. Thank you for working on this issue.
Looks like this issue is already verified and confirmed. But if you want to validate it one more time, please, go though the following instruction:

• [ ] 1. Add/Edit Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• [ ] 2. Verify that the issue is reproducible on 2.3-develop branch

  Details

  - Add the comment @magento-engcom-team give me 2.3-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.3-develop branch, please, add the label Reproduced on 2.3.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and _stop verification process here_!
  

• [ ] 3. Verify that the issue is reproducible on 2.2-develop branch.

  Details

  - Add the comment @magento-engcom-team give me 2.2-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.2-develop branch, please add the label Reproduced on 2.2.x

• [ ] 4. If the issue is not relevant or is not reproducible any more, feel free to close it.

Just created a pull request https://github.com/magento/magento2/pull/21148 this will fix the problem.

Similar to https://github.com/magento/magento2/issues/3147 and https://github.com/magento/magento2/issues/12502 this is a non-issue.

Still having this issue in 2.2.6

Did You find any solution? I too still having this issue

Hi, Anyone give me a solution to solve this issue.

Still having this issue in 2.2.6

Did You find any solution? I too still having this issue

sudo nano +213 vendor/magento/module-store/App/Response/Redirect.php
return true || (strpos($url, $unsecureBaseUrl) === 0) || (strpos($url, $secureBaseUrl) === 0);

Still having this issue in 2.2.6

Did You find any solution? I too still having this issue

sudo nano +213 vendor/magento/module-store/App/Response/Redirect.php
return true || (strpos($url, $unsecureBaseUrl) === 0) || (strpos($url, $secureBaseUrl) === 0);

Hi, can you tell me with explanation. i have only cpanel access.

Hi, I had changed like this on the endor/magento/module-store/App/Response/Redirect.php file
Line number 213.
return (strpos($url, $unsecureBaseUrl) === 0) || (strpos($url, $secureBaseUrl) === 0); => return true || (strpos($url, $unsecureBaseUrl) === 0) || (strpos($url, $secureBaseUrl) === 0);

But still problem not solved. Even after clearing cache / setup:upgrade

i changed it like that

https://gist.github.com/mvenghaus/d53620df53a9da60ba3d257bbc9bd1c8

i changed it like that

https://gist.github.com/mvenghaus/d53620df53a9da60ba3d257bbc9bd1c8

Need to change whole file or just need to change that _isUrlInternal() function.?

I had tried by just changing the function. But issue not get solved.

Why this issue is closed without a solution.?

Hello @orlangur

May I ask you to explain with details _why you closed this as a non-issue and how it can be resolved_?

Based on several comments above from @ask694 it is still a problem that was not resolved yet

Thank you in advance!

Hi, I had tried to use the subdomain like admin.domain.com for magento 2 admin panel. I had change the setting on system -> config -> Advanced -> admin -> admin base url -> Custom Admin URL
After clearing cache, When i try to login admin panel by the custom url. It redirects to base url like www.domain.com/admin/admin. Why this is happening even in magento 2.3.1 ? This issue still not solved. i think

I need a solution / fix for this issue.

Still this is not taken as a issue..? :( Magento 2 not supporting the subdomain / custom url for Admin panel.

Hello @ask694

The modification I suggested works for me in Magento v2.0, v2.1, v2.2 and v2.3. I guess that this issues is not in fact your problem. I can only suggest you seek help by hiring a more senior Magento developer.

Hello @ask694

The modification I suggested works for me in Magento v2.0, v2.1, v2.2 and v2.3. I guess that this issues is not in fact your problem. I can only suggest you seek help by hiring a more senior Magento developer.

Still your solution not clear. Can you please explain that solution. or create one gist with modified Redirect.php file

Still your solution not clear. Can you please explain that solution. or create one gist with modified Redirect.php file

@ask694 please try this PR, change line 111 in this file, just remove the !, it seems to work for us:

https://github.com/magento/magento2/pull/25563/files