$_SERVER.PATH_INFO not passing on URL Query Parameters

Wappler General How To
#1

Hello Wapplers,

Hope everyone is enjoying Easter Break :slight_smile:

I have a redirect setup after the user logs in. My APIs look like this;

A security restrict API, if a user is not logged in, saves the $_SERVER.PATH.INFO in a session variable on the server side before the security restrict.

Screenshot 2024-03-31 at 2.13.08 pm
Screenshot 2024-03-31 at 2.13.08 pm904Ă—360 21 KB

Then the login API looks like this;

Screenshot 2024-03-31 at 2.16.12 pm
Screenshot 2024-03-31 at 2.16.12 pm872Ă—404 38.4 KB

On the login success, once the user is redirected to redirect_path.

The issue that I have is that if the requested URL contains a query parameter, then redirects works and loads the page, but does not load the query . For example, if the requested URL is;

Screenshot 2024-03-31 at 2.19.20 pm
Screenshot 2024-03-31 at 2.19.20 pm1440Ă—78 15.5 KB

After the login, it redirects to;

Screenshot 2024-03-31 at 2.20.29 pm
Screenshot 2024-03-31 at 2.20.29 pm978Ă—70 9 KB

Has anybody worked on something like in Wappler? Any help is appreciated. Thanks

SERVER MODEL: NodeJS
Wappler: 6.4.0

UPDATE: The security restrict is applied on the layout page.

#2

Add a Set Value with the expression $_SERVER to see all existing variables that you can access, and then find one that includes the query parameters :slight_smile:

#3

Thanks @Apple;

These are the variables from $_SERVER. Not sure which one will I can use to get hold of Query Parameters;

{
“test”: {
“HTTPS”: false,
“PATH_INFO”: “/api/login/test”,
“REMOTE_ADDR”: “::ffff:192.168.65.1”,
“REQUEST_PROTOCOL”: “http”,
“REQUEST_METHOD”: “GET”,
“SERVER_NAME”: “localhost”,
“BASE_URL”: “http://localhost:8100”,
“URL”: “/api/login/test”,
“HOSTNAME”: “a43d3ab48ba1”,
“HTTP_HOST”: “localhost:8100”,
“HTTP_SEC_FETCH-SITE”: “none”,
“HTTP_IF_NONE-MATCH”: "W/“2-vyGp6PvFo4RxxoIWeCReyIC8"”,
“HTTP_ACCEPT_LANGUAGE”: “en-AU,en;q=0.9”,
“HTTP_SEC_FETCH-MODE”: “navigate”,
“HTTP_ACCEPT_ENCODING”: “gzip, deflate”,
“HTTP_ACCEPT”: “text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8”,
“HTTP_USER_AGENT”: “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15”,
“HTTP_CONNECTION”: “keep-alive”,
“HTTP_UPGRADE_INSECURE-REQUESTS”: “1”,
“HTTP_COOKIE”: "__stripe_mid=1e1ddafc-6299-4bf7-a772-5cdxxxx
“HTTP_SEC_FETCH-DEST”: “document”
}
}

#4

I assume you have remembered to define it here

image

#5

Thanks,

I tried that; however, it does not hold the URL Query Parameters, only the path.

#6

I set the Server side session value to something like;

$_SERVER.PATH_INFO+’?’+$_SERVER.QUERY_STRING

It seems to work, and it passes on the URL query parameters after the successful login. I’m not sure if this will cause any issues down the track.

1 Like
#7

take a look at $_SERVER.URL, may be a better fit for you

#8

$_SERVER.PATH_INFO and $_SERVER.URL both provide the same result (A URL without query parameters).

#9

Please open a bug report, I think it’s missing $_SERVER.QUERY_STRING, I think I saw it yesterday on the source-code

Edit: Oh, you managed to find it! Sounds like it only appears if you actually have query parameters in the URL?

#10

Perhaps but i know URL works as I use it often.

#11

Not sure what you are trying to achieve here or what your issue is but try this
create a server action to output the required server vars

image
image562Ă—673 20.5 KB

Ensure all set value stages are flagged for output.
run it directly for the open in browser icon

image

Available server variables will be shown in JSON format, no query parameters will show as we didn’t send any.

image
image1002Ă—165 12.8 KB

Manually add parameters to the browser output

image
image781Ă—176 8.52 KB

The parameters should show. If not either you have done something wrong or it is a server issue (highly unlikely)

1 Like
#12

Thanks for looking into it.

What I am trying to do is that if a user has a link for example: http://localhost:8100/tas/create_tas?id=tas-7e8008f0-06d6-4293-b4a6-e46db94783f1

and when the user tries to access the link, it sends them to the login page and then the user gets redirected to the link. I followed Ken’s process here: Nodejs redirect to intended URL after login

I can get it to work, however the issue is that PATH_INFO or URL do not pass on the URL Query Parameter value.

#13

That helps, now I know what you are trying to do.
Had a quick look at kens solution and, while I havnt tested, it looks like it assumes you are using a routed URL. I assume there is a reason why you are not using routing?
When I get in front of a computer I will see if I can work out a fix.

1 Like
#14

Have you tried using $_PARAM? Just setup the expected params with routes.

image

image

Then you can use them within different steps of the API
image

#15

The workaround you found is fine, I believe

#16

Problem with the method here is that the url returned is that of the currently running script I.e. the api action, not the page itself. To get the page url is a little more complex.
Currently at medical appointment at present but will do video tutorial on how to do that on return.

#17

OK, here is the issue.

If you try to capture the URL or parameters from your page using $_SERVER.PAGE_REF or parameters from $_SERVER.QUERY_STRING the technically correct details are returned BUT that is not actually what you may need as the values returned are that of the API action, not the content page details.

So requesting $_SERVER.PAGE_REF from with the API workflow basically returns the name of the workflow API.

To get the details of the content page which you are on (which you need to return to), you need to capture these details from the corresponding LAYOUT page.

The easiest way is to add some code to the page.

say we want the PATH_INFO and the QUERY_STRING of the current page we would:

(I will take this in stages)

Assign the SERVER variable to variables in the layout page

<dmx-value id="varUrl" dmx-bind:value="'<%=_('$_SERVER.PATH_INFO')%>'"></dmx-value>

<dmx-value id="varQueryString" dmx-bind:value="'<%=_('$_SERVER.QUERY_STRING')%>'"></dmx-value>

you can then form the full URL with parameters by combining them.

<dmx-value id="varpage" dmx-bind:value="varUrl.value+'/'+varQueryString.value"></dmx-value>

You now have the full server path including parameters in the variable which we can echo in the content page or save wherever we want.
so it we run, for example

http://localhost:3000/paramtest

we get:

image
image1050Ă—299 18.3 KB

if we add a parameter we get

image
image1015Ă—312 21.2 KB

Now you have the path you can do whatever you want with it, save it as a server session, pass it as a parameter or whatever you want.

1 Like
#18

I think each one of us is doing or thinking differently

On my websites, any Security Restrict that redirects is applied directly on the page (Server-Side Rendered) instead of being on a Server Action. Therefore, I always have access to $_SERVER.QUERY_STRING, as I’m not using a Server Connect/Server Action combination

In regards to Hyperbytes suggestion, I want to mention some browsers might be configured to omit the referrer header (because the user configured as such), therefore making $_SERVER.PAGE_REF empty

#19

Valid comments, the security restrict is an important option for doing this.
I confess when I saw the url with id={{looks like a uuid} I assumed authentication was user level, not role level and security restrict was not appropriate but I may have assumed wrong.
Either way, it’s a useful tutorial on accessing server vars from a page

#20

Thought i would drop together a short video on how to use the security provider to route to the last page as an alternative to the above suggestion

4 Likes