Skip to content

feat: prevent Maximum call stack size exceeded on client-managed requests #9852

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
datamweb wants to merge 21 commits into
base: 4.7
Choose a base branch
from
Open

feat: prevent Maximum call stack size exceeded on client-managed requests #9852

datamweb wants to merge 21 commits into from
+183 −8

Conversation

@datamweb
Copy link
Contributor

@datamweb datamweb commented Dec 20, 2025
edited
Loading

Description
The Debug Toolbar injects HTML and JavaScript into every HTML response by default, which works for full page loads but causes issues for client-managed or partial requests (such as those from HTMX, Unpoly, or Hotwire Turbo) that expect clean HTML fragments. This can result in invalid HTML, duplicated scripts, or JavaScript errors like “Maximum call stack size exceeded.” To address this, support was added to skip Debug Toolbar HTML/JS injection for requests containing specific headers (e.g. HX-Request, X-Up-Version), while still preserving Debugbar response headers for network-level debugging.

Screenshot 2025-12-20 215637

I don’t consider this PR a new feature. I believe it could have been to the develop branch, but since it introduces the $disableOnHeaders property, I only PR’d it to the 4.7 branch.

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value (without duplication)
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

michalsn
michalsn reviewed Dec 21, 2025
View reviewed changes
@michalsn michalsn added enhancement PRs that improve existing functionalities 4.7 labels Dec 21, 2025
michalsn
michalsn reviewed Dec 23, 2025
View reviewed changes
@datamweb datamweb marked this pull request as draft December 23, 2025 10:53
@datamweb
Copy link
Contributor Author

datamweb commented Dec 23, 2025
edited
Loading

@samsonasik , could you please advise on the best way to fix this rector issue in ToolbarTest.php?
https://github.com/codeigniter4/CodeIgniter4/actions/runs/20474006600/job/58835031436?pr=9852

michalsn
michalsn reviewed Dec 23, 2025
View reviewed changes
Copy link
Member

@michalsn michalsn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As for the Rector error, we probably will have to skip the RemoveExtraParametersRector rule for this test. But maybe there is a better way - I'm not an expert.

@datamweb datamweb marked this pull request as ready for review December 24, 2025 01:32
@datamweb
Copy link
Contributor Author

datamweb commented Dec 24, 2025

As for the Rector error, we probably will have to skip the RemoveExtraParametersRector rule for this test. But maybe there is a better way - I'm not an expert.

I agree. I’ve disabled RemoveExtraParametersRector for this specific test via the configuration, since the parameter usage is intentional and required for the test behavior.

michalsn
michalsn reviewed Dec 25, 2025
View reviewed changes
Copy link
Member

@michalsn michalsn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates! I have a few final thoughts.

michalsn
michalsn reviewed Dec 25, 2025
View reviewed changes
@datamweb datamweb marked this pull request as draft December 25, 2025 16:26
@datamweb datamweb marked this pull request as ready for review December 28, 2025 09:50
@datamweb datamweb marked this pull request as draft December 28, 2025 09:55
@datamweb datamweb marked this pull request as ready for review December 28, 2025 10:07
michalsn
michalsn reviewed Dec 28, 2025
View reviewed changes
Copy link
Member

@michalsn michalsn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Please just list the methods with added return types in the changelog, under the "Method Signature Changes" section.

michalsn
michalsn reviewed Dec 28, 2025
View reviewed changes
system/Debug/Toolbar.php Outdated
*/
private function shouldDisableToolbar(IncomingRequest $request): bool
{
foreach ($this->config->disableOnHeaders as $headerName => $expectedValue) {
Copy link
Member

@michalsn michalsn Dec 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably fall back to an empty array in case the config file wasn't updated.

Copy link
Member

@michalsn michalsn Dec 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or even better, to: ['X-Requested-With' => 'xmlhttprequest'].

Copy link
Contributor Author

@datamweb datamweb Dec 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change has been applied.

michalsn
michalsn approved these changes Dec 28, 2025
View reviewed changes
Copy link
Member

@michalsn michalsn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks good!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michalsn michalsn michalsn approved these changes

Assignees

No one assigned

Labels

4.7 enhancement PRs that improve existing functionalities

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@datamweb @michalsn