Skip to content

feat: prevent Maximum call stack size exceeded on client-managed requests#9852

Merged
michalsn merged 21 commits intocodeigniter4:4.7from
datamweb:debugbar-ajax-like-requests
Dec 30, 2025
Merged

feat: prevent Maximum call stack size exceeded on client-managed requests#9852
michalsn merged 21 commits intocodeigniter4:4.7from
datamweb:debugbar-ajax-like-requests

Conversation

@datamweb
Copy link
Contributor

@datamweb datamweb commented Dec 20, 2025
edited
Loading

Description
The Debug Toolbar injects HTML and JavaScript into every HTML response by default, which works for full page loads but causes issues for client-managed or partial requests (such as those from HTMX, Unpoly, or Hotwire Turbo) that expect clean HTML fragments. This can result in invalid HTML, duplicated scripts, or JavaScript errors like “Maximum call stack size exceeded.” To address this, support was added to skip Debug Toolbar HTML/JS injection for requests containing specific headers (e.g. HX-Request, X-Up-Version), while still preserving Debugbar response headers for network-level debugging.

Screenshot 2025-12-20 215637

I don’t consider this PR a new feature. I believe it could have been to the develop branch, but since it introduces the $disableOnHeaders property, I only PR’d it to the 4.7 branch.

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value (without duplication)
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

michalsn
michalsn reviewed Dec 21, 2025
View reviewed changes
@michalsn michalsn added enhancement PRs that improve existing functionalities 4.7 labels Dec 21, 2025
michalsn
michalsn reviewed Dec 23, 2025
View reviewed changes
@datamweb datamweb marked this pull request as draft December 23, 2025 10:53
@datamweb
Copy link
Contributor Author

datamweb commented Dec 23, 2025
edited
Loading

@samsonasik , could you please advise on the best way to fix this rector issue in ToolbarTest.php?
https://github.com/codeigniter4/CodeIgniter4/actions/runs/20474006600/job/58835031436?pr=9852

michalsn
michalsn reviewed Dec 23, 2025
View reviewed changes
Copy link
Member

@michalsn michalsn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As for the Rector error, we probably will have to skip the RemoveExtraParametersRector rule for this test. But maybe there is a better way - I'm not an expert.

@datamweb datamweb marked this pull request as ready for review December 24, 2025 01:32
@datamweb
Copy link
Contributor Author

datamweb commented Dec 24, 2025

As for the Rector error, we probably will have to skip the RemoveExtraParametersRector rule for this test. But maybe there is a better way - I'm not an expert.

I agree. I’ve disabled RemoveExtraParametersRector for this specific test via the configuration, since the parameter usage is intentional and required for the test behavior.

michalsn
michalsn reviewed Dec 25, 2025
View reviewed changes
Copy link
Member

@michalsn michalsn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates! I have a few final thoughts.

michalsn
michalsn reviewed Dec 25, 2025
View reviewed changes
@datamweb datamweb marked this pull request as draft December 25, 2025 16:26
datamweb and others added 4 commits December 28, 2025 12:34
@datamweb @michalsn
Update app/Config/Toolbar.php
971caa9 
Co-authored-by: Michal Sniatala <michal@sniatala.pl>
@datamweb @michalsn
Update system/Debug/Toolbar.php
02a2fcf 
Co-authored-by: Michal Sniatala <michal@sniatala.pl>
@datamweb
refactor: improve by shouldDisableToolbar to check header values
9cb1047
@datamweb
test: fix test
b7072c1
@datamweb datamweb marked this pull request as ready for review December 28, 2025 09:50
@datamweb datamweb marked this pull request as draft December 28, 2025 09:55
@datamweb datamweb marked this pull request as ready for review December 28, 2025 10:07
michalsn
michalsn reviewed Dec 28, 2025
View reviewed changes
Copy link
Member

@michalsn michalsn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Please just list the methods with added return types in the changelog, under the "Method Signature Changes" section.

michalsn
michalsn reviewed Dec 28, 2025
View reviewed changes
michalsn
michalsn approved these changes Dec 28, 2025
View reviewed changes
Copy link
Member

@michalsn michalsn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks good!

neznaika0
neznaika0 suggested changes Dec 28, 2025
View reviewed changes
@michalsn michalsn merged commit 0d52f5a into codeigniter4:4.7 Dec 30, 2025
50 checks passed
@michalsn
Copy link
Member

michalsn commented Dec 30, 2025

Thank you @datamweb

@datamweb datamweb deleted the debugbar-ajax-like-requests branch December 30, 2025 12:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michalsn michalsn michalsn approved these changes

@paulbalandan paulbalandan paulbalandan approved these changes

+1 more reviewer

@neznaika0 neznaika0 neznaika0 requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement PRs that improve existing functionalities

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@datamweb @michalsn @neznaika0 @paulbalandan