Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\TrustedRedirectResponse for it.

@alexverb I'm not sure we are you having this issue as we are redirecting inside the site and not to an external url.

This issue occurs consistently for us on sites that exist behind a proxy—I'm not a network guy, so I don't understand all the details, but I'm pretty sure it's either trying to redirect from the unproxied path to the proxied one or vice versa, and that's causing this error.

@noah and the patch fix the problem for you?

With the changes from the patch in place, flushing the cache from the toolbar works. Running cron, however, results in this error:

LogicException: The controller result claims to be providing relevant cache metadata, but leaked metadata was detected. Please ensure you are not rendering content too early. Returned object class: Drupal\Core\Routing\TrustedRedirectResponse. in Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->wrapControllerExecutionInRenderContext() (line 154 of /site/root/web/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php).

I had applied the changes from the patch manually because it doesn't apply cleanly to 8.x-2.4, and also there appears to be a typo at line 10 of the patch—I think that:

+use Drupal\Core\Routing\TrustedTrustedRedirectResponse;

should be:

+use Drupal\Core\Routing\TrustedRedirectResponse;

@noah can you provide a new patch?

I can update the existing patch to fix the typo and fuzziness, if that helps, but I spent a bit of time looking at the "LogicException" error and wasn't able to get anywhere—someone with a better understanding of how caching works will have to sort that out.

Patch attached—this should apply cleanly to 8.x-2.x, and fixes the typo in the previous patch. It does not fix the new "LogicException" error when running cron from the toolbar.

I can't create an inderdiff to create for some reason—it keeps failing on the line from the previous patch with the typo.

@noah. Do you still get the issue?

We made some changes to how the proxy was configured, and the problem is no longer occurring for us (even without the patch). I'm not sure if that's evidence that the problem was always due to proxy misconfiguration or not. Sorry I can't offer more clarity, but I can't reproduce the problem now to try to determine if the patch is required.

I was having this issue, and patch in #12 fixed it up without any changes to reverse proxy.