Feature #14344
closeddoNotCheckReferer, perhaps not a bug
0%
Description
If doNotCheckReferer is disabled, form mails might not be sent. I've read about in some forum.
For me, imust say its a bug, because i was searching about 1 day, why some contact mails did not reach us. And we only became knowledge about this, because we installed vts.
Dont misunderstand me, typo3 is great and learned to love it and dont want to use other cms, but this was rather strange to me.
Via vts i found, that plenty of ie users have no referrer, when filling out a form.
So i would like to wish, that in future versions should not be checked the referrer on sending mailform-mails.
Would be pleased about any answer
With very friendly regeardings
Waldo
(issue imported from #M399)
Updated by Michael Stucki about 20 years ago
Do you have a link to that forum article?
Updated by Ingmar Schlecht about 20 years ago
AFAIK Norton Personal Firewall makes the IE hide the referer, which causes the problem described above.
I understand that the checking the referer makes sense for the backend login, but I don't quite understand why it's checked for mailform submissions. So I opt for removing the referer-check for the frontend mailform (actually I never knew it IS checked...).
@Jan-Erik, can you have a look into this?
Updated by old_vi over 19 years ago
This "bug" | "feature" still exists in the 3.8 series. It is not well documented and took me a while to find it out. I gather the reason is that the referrer checking is another way to prevent people from using your form for spamming purposes, however i suggest there be an option to disable this "feature" in the BE.
Updated by Jan-Erik Revsbech over 19 years ago
I have not checked that how often and under what circumstances the problem arises, but if firewalls hide the referrer (sounds plossible to me), then I agree that it should be possible to disable the referer-check in TYPO3.
I'll have a look at it as soon as possible (I'm just about to become a father for the first time, so It might take a few weeks before I get around to it).
Updated by old_vi over 19 years ago
A little clarification. I do know you can disable referer checking globally in the install tool or directly adding the proper line to localconf.php, my suggestion -- in case it was not clear -- is for their to be a way to disable it for various individual sections of the site. The email form being a good example. That way the backend login still does referer checking, etc.
Updated by Helmut Hummel about 13 years ago
- Status changed from Accepted to Closed
- Target version deleted (
0) - TYPO3 Version changed from 3.6.1 to 3.7
Since this is about disabling referrer check for form mails in the FE #14924 is the appropriate bug report. I'd also think that this issue will be resolved with the new FORM object in 4.6