Bug #100197
Remove HTTP_REFERER validity check or logging
Status: Closed (100% done)
Description
With #99920 the HTTP_REFERER check has been fixed. The patch introduced a validity check for the HTTP_REFERER using the $this->redirectUrlValidator->isValid($referer), which however logs warnings if the checked redirect URL is not considered as valid.
So either the check must be removed or the logging.
As an addition, the evaluation of the referer could only be processed, if redirectMode is either referer or refererDomains. This was the previous behavior in ext:felogin, but seems most likely to have been forgotten to be implemented in the extbase version of ext:felogin.
Logging for the validator can temporarily be disabled by adding the following to AdditionalConfiguration.php:
$GLOBALS['TYPO3_CONF_VARS']['LOG']['TYPO3']['CMS']['FrontendLogin']['Validation']['RedirectUrlValidator']['writerConfiguration'][\TYPO3\CMS\Core\Log\LogLevel::WARNING] = [];
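
The gating described in the report, as an added example that is not TYPO3 or ext:felogin code: the referer reaches the validator (and can produce a warning) only when a referer-based redirectMode is configured. The classes WarningCollector and SameHostValidator, the function refererForRedirect, the same-host rule, the comma-separated form of redirectMode and all sample URLs are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a logger: collects warnings so the effect is visible.
final class WarningCollector
{
    public array $warnings = [];

    public function warning(string $message): void
    {
        $this->warnings[] = $message;
    }
}

// Hypothetical, simplified stand-in for a redirect URL validator: it accepts only
// URLs on the site's own host and logs a warning otherwise (not TYPO3's real rules).
final class SameHostValidator
{
    public function __construct(private string $siteHost, private WarningCollector $logger) {}

    public function isValid(string $url): bool
    {
        $host = parse_url($url, PHP_URL_HOST);
        if (is_string($host) && strcasecmp($host, $this->siteHost) === 0) {
            return true;
        }
        $this->logger->warning('Url "' . $url . '" was not accepted.');
        return false;
    }
}

// Gate: the referer is only evaluated when a referer-based mode is configured.
function refererForRedirect(string $redirectMode, string $referer, SameHostValidator $validator): string
{
    $modes = array_map('trim', explode(',', $redirectMode));
    if (array_intersect($modes, ['referer', 'refererDomains']) === []) {
        return ''; // validator is never called, so nothing is logged
    }
    return $validator->isValid($referer) ? $referer : '';
}

$logger = new WarningCollector();
$validator = new SameHostValidator('www.example.org', $logger);
$external = 'https://search.example.net/?q=login'; // constructed sample referer
$cases = [['login,groupLogin', $external], ['referer', $external], ['referer', 'https://www.example.org/members']];
foreach ($cases as [$mode, $referer]) {
    $result = refererForRedirect($mode, $referer, $validator);
    printf("%-16s -> '%s' (warnings so far: %d)\n", $mode, $result, count($logger->warnings));
}
```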
Updated by Gerrit Code Review over 1 year ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78169
Updated by Gerrit Code Review over 1 year ago
Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78733
Updated by Gerrit Code Review over 1 year ago
Patch set 2 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78733
Updated by Torben Hansen over 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 4a72d52f6af4b97b839317f80484ec8156f9d82d.
Updated by Chris Müller over 1 year ago
- Related to Bug #100715: felogin redirect mode by http referer is not working added