if ($response instanceof RedirectResponse
) { $request =
$event->
getRequest();
// Let the 'destination' query parameter override the redirect target.
// If $response is already a SecuredRedirectResponse, it might reject the
// new target as invalid, in which case proceed with the old target.
$destination =
$request->query->
get('destination'
);
if ($destination) { // The 'Location' HTTP header must always be absolute.
$destination =
$this->
getDestinationAsAbsoluteUrl($destination,
$request->
getSchemeAndHttpHost());
try { $response->
setTargetUrl($destination);
} catch (\InvalidArgumentException
$e) { } } // Regardless of whether the target is the original one or the overridden
// destination, ensure that all redirects are safe.
if (!
($response instanceof SecuredRedirectResponse
)) { try { // SecuredRedirectResponse is an abstract class that requires a
// concrete implementation. Default to LocalRedirectResponse, which