Bug #37400
When "Access denied" message is shown, a HTTP/1.1 403 header should be send as well.
| Status: | On Hold | Start date: | 2012-05-22 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Code Creation | |||
| Target version: | - | |||
| Votes: | 0 |
Description
The Extension Builder inserts the following code on the first lines of certain file it creates:
if (!defined ('TYPO3_MODE')) {
die ('Access denied.');
}
This works well, of course, but a HTTP/1.1 403 Forbidden header should be send along also.
I propose the Extension Builder inserts the following php into all of the files described above:
if (!defined ('TYPO3_MODE')) {
header('HTTP/1.1 403 Forbidden');
die ('Access denied.');
}
I've added a patch, for your convenience.
History
Updated by Nico de Haen 11 months ago
- Status changed from New to Needs Feedback
Hi Mathhias,
can you give a reason, why we the header should be sent?
regards,
Nico
Updated by Steffen Müller 11 months ago
It's simply a more proper usage of HTTP protocol.
HTTP Header allows robots (e.g. googlebot) to understand the response, not only humans. E.g. googlebot will not index this page if 403 response code is used.
Updated by Steffen Gebert 11 months ago
throw new t3lib_error_http_ForbiddenException()
Updated by Nico de Haen 8 months ago
- Status changed from Needs Feedback to On Hold