http://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692010-07-15T16:07:48ZTYPO3 ForgeTYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=574042010-07-15T16:07:48ZIngo Renneringo@typo3.org
<ul></ul><p>The solution for this issue may result in being able to remove the $TYPO3_CONF_VARS['FE']['pageNotFound_handling_statheader'] option if we are always sending the correct headers.</p>
<p>Need to check whether there are more places where this option is used...</p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=574052010-07-20T10:46:26ZDmitry Dulepov
<ul></ul><p>TYPO3 treats such cases as "not found", not as "access denied". I am not sure why but it is historical (since 3.x I think). It makes sense from security point of view because "access denied" tells that something is there but "page not found" does not reveal that protected content exists. This is called "security by obscurity".</p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=574062010-08-24T12:15:38ZHassan Aithassan.aitabdellah@gmail.com
<ul></ul><p>Thanks Ingo, I've just tested your fix and it works fine for me (TYPO3 Version: 4.3). What about the fact to add a different page error for unauthorized pages. I made a test with the following code and it works for me. It supposes to add a new parameter [FE][pageUnauthorized_handling]</p>
<p>Index: typo3/sysext/cms/tslib/class.tslib_fe.php</p>
<p>function pageNotFoundAndExit($reason='', $header='') {<br /> $header = $header ? $header : $this->TYPO3_CONF_VARS['FE']['pageNotFound_handling_statheader'];<br /> if ($this->pageNotFound === 1 || $this->pageNotFound === 2) {<br /> $code=($this->TYPO3_CONF_VARS['FE']['pageUnauthorized_handling']) ? $this->TYPO3_CONF_VARS['FE']['pageUnauthorized_handling'] : $this->TYPO3_CONF_VARS['FE']['pageNotFound_handling'];<br /> }<br /> else {<br /> $code=$this->TYPO3_CONF_VARS['FE']['pageNotFound_handling'];<br /> }<br /> $this->pageNotFoundHandler($code, $header, $reason);<br /> exit;<br />}</p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=1115442012-04-11T22:01:19ZIngo Renneringo@typo3.org
<ul><li><strong>Category</strong> deleted (<del><i>Communication</i></del>)</li><li><strong>Assignee</strong> set to <i>Ingo Renner</i></li><li><strong>Target version</strong> deleted (<del><i>0</i></del>)</li></ul> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=1115482012-04-11T22:35:35ZGerrit Code Review
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Under Review</i></li></ul><p>Patch set 1 for branch <strong>master</strong> has been pushed to the review server.<br />It is available at <a class="external" href="http://review.typo3.org/10281">http://review.typo3.org/10281</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=1115522012-04-11T22:54:16ZGerrit Code Review
<ul></ul><p>Patch set 2 for branch <strong>master</strong> has been pushed to the review server.<br />It is available at <a class="external" href="http://review.typo3.org/10281">http://review.typo3.org/10281</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=1115552012-04-11T23:00:24ZIngo Renneringo@typo3.org
<ul><li><strong>Target version</strong> set to <i>6.0.0</i></li></ul> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=1125802012-04-16T19:23:56ZGerrit Code Review
<ul></ul><p>Patch set 3 for branch <strong>master</strong> has been pushed to the review server.<br />It is available at <a class="external" href="http://review.typo3.org/10281">http://review.typo3.org/10281</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=1125832012-04-16T19:28:54ZGerrit Code Review
<ul></ul><p>Patch set 4 for branch <strong>master</strong> has been pushed to the review server.<br />It is available at <a class="external" href="http://review.typo3.org/10281">http://review.typo3.org/10281</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=1791052013-08-27T02:23:54ZGerrit Code Review
<ul></ul><p>Patch set 5 for branch <strong>master</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/10281">https://review.typo3.org/10281</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=2405182014-12-14T17:08:32ZChristian Kuhnlolli@schwarzbu.ch
<ul><li><strong>Status</strong> changed from <i>Under Review</i> to <i>New</i></li><li><strong>Is Regression</strong> set to <i>No</i></li></ul><p>The pending patch was abandoned after some discussion.</p>
<p>The solution should be different and needs a new approach. Some hints on how this could be solved are given in the abandoned patch for anyone who wants to pick this issue up again and re-push a new solution.</p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=2859352015-11-12T18:06:51ZMathias Schreibermathias.schreiber@typo3.com
<ul><li><strong>Target version</strong> deleted (<del><i>6.0.0</i></del>)</li></ul> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3498792017-10-29T16:54:01ZSusanne Moogsusanne.moog@typo3.org
<ul><li><strong>Category</strong> set to <i>Link Handling, Site Handling & Routing</i></li><li><strong>Assignee</strong> deleted (<del><i>Ingo Renner</i></del>)</li></ul> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3498852017-10-29T18:26:32ZMarkus Kleinmarkus.klein@typo3.org
<ul></ul><p>This must be a 403 header. 401 must only be used together with http-authentication header, not custom authentication within PHP.</p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3498882017-10-29T18:37:58ZGerrit Code Review
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Under Review</i></li></ul><p>Patch set 1 for branch <strong>master</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/54495">https://review.typo3.org/54495</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3499412017-10-30T21:02:47ZGerrit Code Review
<ul></ul><p>Patch set 2 for branch <strong>master</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/54495">https://review.typo3.org/54495</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3514802017-11-24T22:21:01ZBenni Mackbenni@typo3.org
<ul><li><strong>Sprint Focus</strong> set to <i>On Location Sprint</i></li></ul> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3518202017-11-27T23:07:49ZGerrit Code Review
<ul></ul><p>Patch set 3 for branch <strong>master</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/54495">https://review.typo3.org/54495</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3518372017-11-28T00:37:12ZMarkus Kleinmarkus.klein@typo3.org
<ul><li><strong>Assignee</strong> set to <i>Markus Klein</i></li></ul> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3518482017-11-28T08:59:51ZGerrit Code Review
<ul></ul><p>Patch set 1 for branch <strong>TYPO3_8-7</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/54814">https://review.typo3.org/54814</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3518502017-11-28T09:00:04ZMarkus Kleinmarkus.klein@typo3.org
<ul><li><strong>Status</strong> changed from <i>Under Review</i> to <i>Resolved</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="[BUGFIX] Set correct HTTP header when page access is denied Accessing an existing page with insu..." href="http://forge.typo3.org/projects/typo3cms-core/repository/1749/revisions/2ba1bc316e04606ed4a82f8cb257fcb71201607e">2ba1bc316e04606ed4a82f8cb257fcb71201607e</a>.</p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3518622017-11-28T09:53:18ZGerrit Code Review
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Under Review</i></li></ul><p>Patch set 2 for branch <strong>TYPO3_8-7</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/54814">https://review.typo3.org/54814</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3518822017-11-28T11:14:52ZGerrit Code Review
<ul></ul><p>Patch set 3 for branch <strong>TYPO3_8-7</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/54814">https://review.typo3.org/54814</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3518882017-11-28T11:30:50ZGerrit Code Review
<ul></ul><p>Patch set 4 for branch <strong>TYPO3_8-7</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/54814">https://review.typo3.org/54814</a></p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3518972017-11-28T12:00:04ZMarkus Kleinmarkus.klein@typo3.org
<ul><li><strong>Status</strong> changed from <i>Under Review</i> to <i>Resolved</i></li></ul><p>Applied in changeset <a class="changeset" title="[BUGFIX] Set correct HTTP header when page access is denied Accessing an existing page with insu..." href="http://forge.typo3.org/projects/typo3cms-core/repository/1749/revisions/bb39b2263acca70ad4cd78e787da9edfc332c767">bb39b2263acca70ad4cd78e787da9edfc332c767</a>.</p> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3740472018-09-21T11:15:00ZSascha Egerer
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/86346">Bug #86346</a>: Hidden pages sent 403 Header</i> added</li></ul> TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginhttp://forge.typo3.org/issues/23178?journal_id=3857692018-10-02T12:24:02ZBenni Mackbenni@typo3.org
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul>