Bug #19223
closed
Redirect type does not redirect when HTTP referrer is an external site
0%
Description
This is essentially a copy of bug 6615, which has been marked as resolved because it's not related to RealURL.
When navigating to page of type External URL, Typo3 renders the page content of the page (empty), instead of redirecting to the external URL - but only when navigating from an external URL (referrer).
Example:
http://www.uniweb.no/domene/registrere-domene/ [^]
The URL above is page type External URL with redirect to http://ordre.uniweb.no/domreg/searchDialogue.action [^]
This will, however, only work if you navigate to this from a page on http://www.uniweb.no, [^] of more precisely, if the referrer is a page/subpage on http://www.uniweb.no. [^]
If there is no referrer/external referrer, Typo3 will render the content of the page.
Here's a workaround using Apache configuration. Adapt the regex to your particular needs. This one does "/firstname.lastname/" for me.
you must enable mod_headers and mod_setenvif.
SetEnvIf Request_URI "^/[\w\-]+.[\w\-]+/?$" typo3bug6615=true
RequestHeader unset referer env=typo3bug6615
(issue imported from #M9182)
Files
Updated by Luc over 15 years ago
I don't know why but this bug seems to be a feature...
There is a check that the referer is equal to the site before doing a redirect. You may deactivate this check by commenting this line in file typo3/sysext/cms/tslib/index_ts.php
// ************************
// Check JumpUrl
// ***********************
$TSFE->setExternalJumpUrl();
#$TSFE->checkJumpUrlReferer(); <--- comment this line
Unless there is a good reason to leave this check (please explain!), could it be removed from the code?
Updated by
Updated by Mike Bretz over 13 years ago
Considering this is a Feature, the checkJumpUrlReferer method should case insensitive compare hostnames:
Referer can include Uppercase hostnames e.g. in Safari! This leads to not redirecting the user even he is "on" the site, but with uppercased hostname parts like WWW.This-Is-My-T3-Website.com.
Therefor you should include this patch:
diff ruw typo3_src-4.4.4.orig typo3_src-4.4.4 typo3_src-4.4.4.orig/typo3/sysext/cms/tslib/class.tslib_fe.php 2010-10-06 10:40:06.000000000 0200
diff -ruw typo3_src-4.4.4.orig/typo3/sysext/cms/tslib/class.tslib_fe.php typo3_src-4.4.4/typo3/sysext/cms/tslib/class.tslib_fe.php
--
++ typo3_src-4.4.4/typo3/sysext/cms/tslib/class.tslib_fe.php 2010-11-19 11:06:36.000000000 0100@ -2619,7 +2619,7 @
function checkJumpUrlReferer() {
if (strlen($this->jumpurl) && !$this->TYPO3_CONF_VARS['SYS']['doNotCheckReferer']) {
$referer = parse_url(t3lib_div::getIndpEnv('HTTP_REFERER'));
- if (isset($referer['host']) && !($referer['host'] == t3lib_div::getIndpEnv('TYPO3_HOST_ONLY'))) {
if (isset($referer['host']) && (strcasecmp($referer['host'], t3lib_div::getIndpEnv('TYPO3_HOST_ONLY')) != 0)) {
unset($this->jumpurl);
}
}
Updated by Boris Hinzer over 13 years ago
The same problem exists if you try to switch two domains within TYPO3 with the language selector and you have links to external urls set as an alternative language inside a page:
Updated by Xavier Perseguers about 12 years ago
- Assignee deleted (
Steffen Kamper) - Target version deleted (
0)
Updated by Alexander Opitz almost 11 years ago
- Status changed from Accepted to Needs Feedback
The issue is very old, does this issue exists in newer versions of TYPO3 CMS (4.5 or 6.1)?
Updated by Alexander Opitz over 10 years ago
- Status changed from Needs Feedback to Closed
- Is Regression set to No
No feedback for over 90 days.
Updated by 
Updated by Stefan Kaufmann over 10 years ago
and in 6.1.7
When page type is 'external url' and page is in menu, then the redirect to the external url does not work. Only after second click and when cached? it works...
Updated by Tobias Klepp over 9 years ago
I have the same problem in TYPO3 6.2.4. I have a multi site installation and I included some footer links of type external url from another domain. The links rendered absolute but the redirect not working. The referer check forbidden this. I deactivate ther referrer check in the localconfiguration
[SYS][doNotCheckReferer] = 1
But I'm not shure, if this is problematic for security or other reasons.
Updated by David Bruchmann over 7 years ago
- TYPO3 Version changed from 4.1 to 6.2
Just stumbled upon this bug in TYPO3 Version 6.2.27.
Updated by Riccardo De Contardi over 7 years ago
- Status changed from Closed to New
Hi and thank you for your report, I am reopening this issue.
Could you verify if this bug also affects version 7.6.x or 8 ? Thank you!
Updated by Susanne Moog over 6 years ago
- Category set to System/Bootstrap/Configuration
- Sprint Focus set to PRC
Updated by Riccardo De Contardi about 6 years ago
- File Schermata 2018-04-15 alle 11.38.41.png Schermata 2018-04-15 alle 11.38.41.png added
- Status changed from New to Needs Feedback
Hi,
As far as I can remember, since version 7.6.x the "external url" pagetype does not perform a redirection in HMENU. I also tried to perform the following test on TYPO3 version 8.7.12:
1) create a page (ID=52), set type = external url, set the url to www.google.com
2) a standard HMENU on page just renders http://www.google.com inside the href
3) If I type the URL http://typo3.8.test.it:8888/index.php?id=52 the browser will directly go to www.google.com. It is a 303 - see attached screenshot for the details
Do you think it is sufficient to consider the issue closed? Could you write a step-by-step guide about how to reproduce it on newer TYPO3 versions like 7.6.x, 8.7.x or 9.2? Thank you!
Updated by Benni Mack over 5 years ago
- Status changed from Needs Feedback to Rejected
Closed. No feedback for 6 months, if you want to open up a new ticket please. On top, I'm pretty sure this is fixed in v9 with the new site handling.
Updated by Benni Mack about 4 years ago
- Sprint Focus changed from PRC to Needs Decision