Bug #24125

closed

jumpurl secure links over HTTPS fail in Internet Explorer when BE user logged in

Added by Alexander Stehlik over 13 years ago. Updated over 5 years ago.

Status: Closed
Priority: Should have
Category: Frontend
Target version: -
Start date: 2010-11-18
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 4.4
PHP Version: 5.2
Tags:
Complexity: medium
Is Regression:
Sprint Focus:

Description

There is a little bug in the jumpurl_secure feature. It may not affect many people because it is very specific. To reproduce it, these conditions must be met:

  • Filelinks with jumpurl_secure enabled
  • connection is HTTPS
  • browser is Internet Explorer (all Versions)
  • Backend user is logged in

When clicking on a link the download fails with the following error message: "The requested site is either unavailable or cannot be found"

The reason for this problem can be found in the start() method of the t3lib_userAuth object. For BE users the property "sendNoCacheHeaders" is set to TRUE. This results in a bunch of headers that are sent out to the client. This is the one that lets the jumpURL link fail:

header('Pragma: no-cache');

There are two possible solutions:

The first would be to send out a new header in tslib_fe->jumpUrl if connection is HTTPS:
header('Pragma: private');

Another solution would be to check in the t3lib_userAuth if the connection is HTTPS and then decide whether to use "no-cache" or "private".

If you let me know which solution you prefer I can provide a patch.

(issue imported from #M16466)


Files

typo3-16466b-jumpurl_ssl-v2.diff (1.09 KB), Administrator Admin, 2011-02-04 11:56

Related issues 2 (0 open, 2 closed)

Related to TYPO3 Core - Story #28743: Add method to send no-cache HTTP headers (Rejected, 2011-08-04)

Related to TYPO3 Core - Task #90601: Remove old IE https download related hack in AbstractUserAuthentication (Rejected, 2020-02-29)

Actions #1

Updated by Alexander Stehlik about 13 years ago

Important! If you want to test this bug you have to make sure that gzip compression is disabled. Otherwise the error doesn't occur.

I realized that there is another problem with another header:
Cache-Control: no-cache

The problem is known by Microsoft and there is a hot fix for it that seems to work (tested with IE8):
http://support.microsoft.com/kb/323308/en-us

As this bug seems to affect all IE Versions I think it should be fixed in TYPO3. I'll attach a patch that improves the header handling in t3lib_userAuth::start. The patch was tested with IE8, Firefox and Google Chrome.

Actions #2

Updated by Mr. Hudson about 13 years ago

Patch set 1 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

Actions #3

Updated by Mr. Hudson about 13 years ago

Patch set 2 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

Actions #4

Updated by Mr. Hudson almost 13 years ago

Patch set 3 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

Actions #5

Updated by Alexander Stehlik over 12 years ago

  • Target version deleted (0)

During testing I realized something else. There is a PHP setting (which seems to be the default in Ubuntu) that is called

session.cache_limiter

If this is set to "nocache" (default setting on my system, Ubuntu 11.04) you will also get the error in Internet Explorer if you use an HTTPS connection.

So when you test this please make sure this is set to an empty string in your php.ini:

session.cache_limiter = 
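
The second solution from the description (choose the headers depending on HTTPS), combined with the Cache-Control and session.cache_limiter findings from the comments above, as an added example that is not the attached patch and not TYPO3 code. All function names are hypothetical, the relaxed Cache-Control value is this example's own choice, and the user-agent check is an assumption used to keep the strict headers for every client except Internet Explorer.

```php
<?php
declare(strict_types=1);

// Added example; function names are hypothetical and not part of TYPO3.

/** True if the request arrived over HTTPS (direct connection, no proxy handling). */
function isHttpsRequest(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string)$server['HTTPS']) !== 'off';
}

/** Rough Internet Explorer check: "MSIE " (up to IE10) or "Trident/" (IE11). */
function isInternetExplorer(string $userAgent): bool
{
    return stripos($userAgent, 'MSIE ') !== false || stripos($userAgent, 'Trident/') !== false;
}

/** Cache headers for a response sent while a backend user is logged in. */
function chooseCacheHeaders(array $server): array
{
    $ua = (string)($server['HTTP_USER_AGENT'] ?? '');
    if (isHttpsRequest($server) && isInternetExplorer($ua)) {
        // Relax only for the failing combination. "Pragma: private" is from
        // the report; the Cache-Control value is this example's choice.
        return ['Cache-Control' => 'private', 'Pragma' => 'private'];
    }
    // Every other client keeps the strict headers named in the report.
    return ['Cache-Control' => 'no-cache', 'Pragma' => 'no-cache'];
}

/** Send the headers; call before session_start() and before any output. */
function sendCacheHeaders(array $server): void
{
    // session.cache_limiter = nocache would add PHP's own no-cache headers
    // at session_start(), so switch the limiter off for this request.
    if (session_status() === PHP_SESSION_NONE) {
        session_cache_limiter('');
    }
    foreach (chooseCacheHeaders($server) as $name => $value) {
        header($name . ': ' . $value, true);
    }
}

// Constructed sample requests (CLI demo only).
if (PHP_SAPI === 'cli') {
    $ie = ['HTTPS' => 'on', 'HTTP_USER_AGENT' => 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'];
    $ff = ['HTTPS' => 'on', 'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64; rv:4.0) Gecko/20100101 Firefox/4.0'];
    var_dump(chooseCacheHeaders($ie), chooseCacheHeaders($ff));
}
```

Limiting the relaxed headers to the IE-over-HTTPS case means responses for a logged-in backend user stay uncacheable for all other clients.
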
Actions #6

Updated by Mr. Hudson over 12 years ago

Patch set 4 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

Actions #7

Updated by Mr. Hudson over 12 years ago

Patch set 5 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

Actions #8

Updated by Thorsten Kahler over 12 years ago

  • Category deleted (Communication)
  • Status changed from New to Under Review
  • PHP Version changed from 5.3 to 5.2
  • Complexity set to medium

I came across a similar problem (downloads over HTTPS in IE) (again) today. From what I found your general approach seems correct to me, the details can be discussed in Gerrit.

Actions #9

Updated by Mr. Hudson over 12 years ago

Patch set 6 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

Actions #10

Updated by Alexander Stehlik over 12 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #11

Updated by Thorsten Kahler over 12 years ago

  • Category set to Frontend
  • Status changed from Resolved to Under Review
  • Assignee set to Thorsten Kahler
  • Target version set to 1305

I had to re-submit the patch because I was irritated by the Gerrit UI :-}

Actions #12

Updated by Oliver Hader over 12 years ago

  • Target version changed from 1305 to 1341
Actions #13

Updated by Mr. Hudson over 12 years ago

Patch set 2 of change I94a3f1b7f05e15cef23519f76127114251a3eabc has been pushed to the review server.
It is available at http://review.typo3.org/4193

Actions #14

Updated by Mr. Hudson over 12 years ago

Patch set 3 of change I94a3f1b7f05e15cef23519f76127114251a3eabc has been pushed to the review server.
It is available at http://review.typo3.org/4193

Actions #15

Updated by Mr. Hudson over 12 years ago

Patch set 1 of change I94a3f1b7f05e15cef23519f76127114251a3eabc has been pushed to the review server.
It is available at http://review.typo3.org/6698

Actions #16

Updated by Mr. Hudson over 12 years ago

Patch set 1 of change I823f72c143d9e5666db2426a5818b96a76d4c39f has been pushed to the review server.
It is available at http://review.typo3.org/6699

Actions #17

Updated by Mr. Hudson over 12 years ago

Patch set 1 of change I814aa8a203ad5fd7cb9404cc6662d1ea0aedc5e8 has been pushed to the review server.
It is available at http://review.typo3.org/6700

Actions #18

Updated by Gerrit Code Review over 12 years ago

Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/4193

Actions #19

Updated by Gerrit Code Review over 12 years ago

Patch set 5 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/4193

Actions #20

Updated by Gerrit Code Review over 12 years ago

Patch set 2 for branch TYPO3_4-5 has been pushed to the review server.
It is available at http://review.typo3.org/6698

Actions #21

Updated by Gerrit Code Review about 12 years ago

Patch set 6 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/4193

Actions #22

Updated by Gerrit Code Review about 12 years ago

Patch set 7 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/4193

Actions #23

Updated by Alexander Stehlik about 12 years ago

  • Status changed from Under Review to Resolved
Actions #24

Updated by Ernesto Baschny almost 11 years ago

  • Target version deleted (1341)
Actions #25

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed
Actions #26

Updated by Christian Eßl about 4 years ago

  • Related to Task #90601: Remove old IE https download related hack in AbstractUserAuthentication added