Bug #100938
closed
Display of parent page not working if group access denies specific page
0%
Description
TL;DR;
The TSFE->pageNotFound setting prevents the TSFE to display the unrestricted parent page if the requested page is limited to logged in users.
Everything after the linked line is useless, because of pageNotFound NOT being "0" a PropagateResponseException is will always be thrown.
Full story:
After upgrading a typo3 installation to V11 it seems some default handling regarding the frontend authentication of the requested page did break. The expected behaviour for requesting access-restricted pages is, that the response will contain the first page found in the rootline which is not restricted. The actual behaviour is a 403 error page.
What is the correct migration to achieve the desired behaviour for typo3 v11?
My customer states that the behaviour was differently prior to the V11 upgrade but i can not find the change that causes the bug.
Updated by Philipp Wrann over 1 year ago
As i understand it, the issue could be solved by backporting this feature:
https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/12.0/Feature-97737-PSR-14EventsWhenPageRootlineInFrontendIsResolved.html
Sadly i can not upgrade to V12 in the short-term, too many of our packages do not have support for V12 yet and the project was just upgraded to V11.
Updated by Oliver Hader over 1 year ago
Did you recently upgrade from TYPO3 v8 (or earlier) to TYPO3 v11?
The mentioned behavior (sending 403 for unauthorized access) is the default behavior since at least TYPO3 v9, there are tests for that, documenting this behavior, see https://github.com/TYPO3/typo3/blob/9.5/typo3/sysext/frontend/Tests/Functional/SiteHandling/SiteRequestTest.php#L447-L471
In order to handle this individually, one can use the corresponding settings in the site configuration, e.g. statically or using an individual PHP class implementing PageErrorHandlerInterface, see https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/ApiOverview/SiteHandling/ErrorHandling.html
In case this ticket is about proper linking, you might consider using TypoScript property config.typolinkLinkAccessRestrictedPages, which references to the login page in case an access protected page is linked and the current visitor does not have permissions, see https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#typolinklinkaccessrestrictedpages
Updated by Oliver Hader over 1 year ago
- Status changed from New to Needs Feedback
- Tags set to pending-close
Updated by Oliver Hader over 1 year ago
Philipp Wrann wrote in #note-1:
As i understand it, the issue could be solved by backporting this feature:
https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/12.0/Feature-97737-PSR-14EventsWhenPageRootlineInFrontendIsResolved.htmlSadly i can not upgrade to V12 in the short-term, too many of our packages do not have support for V12 yet and the project was just upgraded to V11.
I don't think this is required, since the new PSR-14 events are basically replacing the hooks that existed already before. Thus, it's possible to use those hooks prior to TYPO3 v12.
Updated by Philipp Wrann over 1 year ago
- Priority changed from Should have to -- undefined --
I solved this with the custom 403 error-handler which consists of about 75 lines of code. I don't care about this issue anymore, you can close this. Thank you very much!
Updated by Riccardo De Contardi 10 months ago
- Status changed from Needs Feedback to Closed
Sorry for my late reply; as far as I have understood, the issue can be closed.
If you think that this is the wrong decision or experience the issue again, please reopen it or open a new issue with a reference to this one.
Thank you.