Project

General

Profile

Actions

Bug #100058

open

Upgrade issue from v10 to v11 in legacy install with TrustedHostPattern

Added by Julien Savard over 1 year ago. Updated over 1 year ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
Start date:
2023-03-01
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:
Needs Decision

Description

Description :
At the end of the upgrade Wizard from v10 to v11 when everything is done it seems the TrustedHostPattern expect a new value.
TrustedHostPattern value was (in v10 before upgrade) :

'trustedHostsPattern' => 'smto-typo.acc.internal.tld|app.smto-typo.acc.internal.tld|lb.smto-typo.acc.internal.tld|rp.smto-typo.acc.internal.tld|www.qual.external.tld|www.acc.external.tld'

TrustedHostPattern expected in the "Whoops"

'trustedHostsPattern' => 'app.www.acc.internal.tld',

internal.tld and external.tld are "censored" placeholder of my real domains.

Step to reproduce :
- Having a typo3 v10 legacy install
- Untar typo3_src-11.5.24.tar.gz in /var/www/html
- Remove symlink /var/www/html/public/typo3_src ( target = ../typo3_src-10.4.36 )
- Create symlink /var/www/html/public/typo3_src ( target = ../typo3_src-11.5.24 )
- touch /var/www/html/public/ENABLE_INSTALL_TOOL
- chown apache:apache ENABLE_INSTALL_TOOL
- run upgrade Wizard
- Try to log into backend
- cry with a whoops

Workaround :
Add the new URL in the TrustedHostPattern variable

Actions #1

Updated by Oliver Hader over 1 year ago

Are there any hints in the typo3_*.log log files in typo3temp/var/logs/?

Workaround :
Add the new URL in the TrustedHostPattern variable

What is the "new URL", and what has been the value before?
Did you try putting the names in in braces, like 'trustedHostsPattern' => '(first\.example\.org|second\.example\.org)'?

Actions #2

Updated by Julien Savard over 1 year ago

Hi,
as written in the description :

TrustedHostPattern value was (in v10 before upgrade) :

'trustedHostsPattern' => 'smto-typo.acc.internal.tld|app.smto-typo.acc.internal.tld|lb.smto-typo.acc.internal.tld|rp.smto-typo.acc.internal.tld|www.qual.external.tld|www.acc.external.tld'

TrustedHostPattern expected in the "Whoops" 

'trustedHostsPattern' => 'app.www.acc.internal.tld',

internal.tld and external.tld are "censored" placeholder of my real domains.

I may add that the typo site is behind a reverse proxy. The public available url site is www.acc.external.tld. It was called by the reverse proxy with app.smto-typo.acc.internal.tld but it seems after v11 it expect to be called on app.www.acc.internal.tld.

Did you try putting the names in in braces ? -> No backslash were added in the TrustedHostPattern in V10 and it was working. If I recall well, I did try to add backslash before dot in v11 but I still got a "Whoops".

Actions #3

Updated by Julien Savard over 1 year ago

  • Description updated (diff)
Actions #4

Updated by Oliver Hader over 1 year ago

  • Assignee deleted (Oliver Hader)
Actions

Also available in: Atom PDF