Feature #14924
closed
Allow different referers for formmails and front end data submission
0%
Description
When sending a formmail TYPO3 checks if the referer hostname is equal to the TYPO3_HOST_ONLY environment variable. You can switch this off completely by setting TYPO3_CONF_VARS['SYS']['doNotCheckReferer'].
I added an option to let TYPO3 accept specific other hosts as referer. I use this to send a mail through a portlet on another server which includes a part of a TYPO3 page with a form. Through this feature I don't have to deactivate the referer check totally.
To realize this, i patched tslib_fe.php.
To set the accepted hostnames, simply set up a comma separated list of them in localconf.php:
TYPO3_CONF_VARS['SYS']['trustedReferers'] = 'www.example1.org,www.example2.org';
(issue imported from #M1373)
Files
Updated by Sebastian Kurfuerst over 18 years ago
Hi,
I would not include the patch as-is, as doNotCheckReferer is used in many places in the typo3 core, but the trustedReferers configuration directive only affects mailforms. As long as the the trustedReferers setting is not taken into account throughout the whole core, I would not add this setting to TYPO3.
Are you interested to change the other places as well?
Greets, Sebastian
Updated by Helmut Hummel about 13 years ago
- Status changed from New to Needs Feedback
- Target version deleted (
0) - TYPO3 Version changed from 3.8.0 to 4.0
- PHP Version deleted (
4) - Complexity set to easy
The Patch seems totally unrelated to that topic.
Besides that, the problem will be solved with the new FORM object in 4.6 and for other TYPO3 versions there are lots of extensions that de facto replaced the old FORM mail.
I would close this bug after a grace period of a few weeks, if no further feedback is provided if we still need to change sth. here
Updated by
Updated by Thorsten Kahler almost 13 years ago
- Status changed from Needs Feedback to Rejected
Helmuts "few weeks" are over and since there were no other statements about this issue I close it now.