Slim 4 middleware redirects are not working as expected...

[bmcminn]

OS: Ubuntu 22.04.2 LTS 64-bit
PHP: 8.1
Slim: ^4.11
Slim/Psr7: ^1.6

Attempting to create a barebones Slim 4 app following the Slim v4 docs on the website and on a medium article to setup auth redirects via route/group middleware.

https://www.slimframework.com/docs/v4/concepts/middleware.html#route-middleware
https://mcvendrell.medium.com/a-simple-login-auth-project-with-slim-framework-4-29f73d4e1d55

When trying to write an Auth middleware to check for a missing session value and redirect the user to the login page, I'm running into odd behaviors with redirects similar to #3257, #3177, #2517, and others I've looked into, but none of them seem to do the trick.

All that happens is the redirect "works", however the page is blank, the network tab in the browser shows a 301 response per my middleware redirect, but the request and response tabs are empty because the server appears to be silently failing and not handling the request properly.

I tried running this public/main.php file using the built-in PHP Dev server and an Apache/PHP docker instance configured just like the web-servers docs suggested and the apps run fine, however middleware withHeader redirects do not function as I would expect them to.

https://www.slimframework.com/docs/v4/start/web-servers.html

<?php

use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;

use Slim\Factory\AppFactory;
use Slim\Psr7\Response as Response7;

require __DIR__ . '/../vendor/autoload.php';

session_start();

$app = AppFactory::create();

$app->addRoutingMiddleware();

$app->addErrorMiddleware(
    $displayErrorDetails=true,
    $logErrors=true,
    $logErrorDetails=true
);


$forceLoginRedirect = function(Request $req, RequestHandler $next) {

    if (empty($_SESSION['user'])) {
        $res = new \Slim\Psr7\Response(302);
        $res->withHeader('Location', '/#')
            ->withStatus(301);
        ;
        return $res;
    }

    $res = $next->handle($req);

    return $res;
};


$app->get('/#', function (Request $req, Response $res) {
    $res->getBody()->write('login view');
    return $res;
});


$app->get('/', function (Request $req, Response $res) {
    $res->getBody()->write('pants');
    return $res;
})
    ->add($forceLoginRedirect)
;


$app->run();

[odan]

The issue with your middleware is that the $res->withHeader() method returns a new instance of the response with the header added, but you're not assigning it to any variable or returning it, so the response returned by the middleware is empty.

To fix this, you can assign the returned response to $res before returning it.

$res = $res->withHeader('Location', '/#')
    ->withStatus(302);

return $res;

Please note that we have a forum to discuss questions like this.

[bmcminn]

Gotcha, thank you for the insight, that helps a lot.

I def think that would be helpful to explain in a new section of the Middleware Concepts docs, similar to the Returning a Redirect section in the Response docs.

Closing this issue and will post a docs request in the slim/slim-website repo.

[odan]

This concept is already documented here: PSR-7 Value objects