Bug #24125

jumpurl secure links over HTTPS fail in Internet Explorer when BE user logged in

Added by Alexander Stehlik over 8 years ago. Updated 9 months ago.

Status: Closed
Priority: Should have
Category: Frontend
Target version: -
Start date: 2010-11-18
Due date:
% Done: 100%
TYPO3 Version: 4.4
PHP Version: 5.2
Tags:
Complexity: medium
Is Regression:
Sprint Focus:

Description

There is a little bug in the jumpurl_secure feature. It may not affect many people because it is very specific. To reproduce it, these conditions must be met:

  • Filelinks with jumpurl_secure enabled
  • connection is HTTPS
  • browser is Internet Explorer (all Versions)
  • Backend user is logged in

When clicking on a link the download fails with the following error message: "The requested site is either unavailable or cannot be found"

The reason for this problem can be found in the start() method of the t3lib_userAuth object. For BE users the property "sendNoCacheHeaders" is set to TRUE. This results in a bunch of headers that are sent out to the client. This is the one that lets the jumpURL link fail:

header('Pragma: no-cache');

There are two possible solutions:

The first would be to send out a new header in tslib_fe->jumpUrl if connection is HTTPS:
header('Pragma: private');

Another solution would be to check in the t3lib_userAuth if the connection is HTTPS and then decide whether to use "no-cache" or "private".

If you let me know which solution you prefer I can provide a patch.

(issue imported from #M16466)

typo3-16466b-jumpurl_ssl-v2.diff View (1.09 KB) Administrator Admin, 2011-02-04 11:56


Related issues

Related to TYPO3 Core - Story #28743: Add method to send no-cache HTTP headers Rejected 2011-08-04

Associated revisions

Revision 337c0df2 (diff)
Added by Alexander Stehlik almost 8 years ago

[BUGFIX] Send no-cache headers in t3lib_userauth

Adjust headers sent by t3lib_userauth to prevent caching, if Internet
Explorer is used when downloading files through PHP.

Resolves: #24125
Releases: 4.3, 4.4, 4.5

Change-Id: I9ebe84174256263b8b0cae6cf9db58da76985a96
Reviewed-on: http://review.typo3.org/1417
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Thorsten Kahler

Revision 082b9b2e (diff)
Added by Alexander Stehlik over 7 years ago

[BUGFIX] Send no-cache headers in t3lib_userauth

Adjust headers sent by t3lib_userauth to prevent caching, if
Internet Explorer is used when downloading files through PHP.

Change-Id: I94a3f1b7f05e15cef23519f76127114251a3eabc
Fixes: #24125
Releases: 4.4, 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/4193
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

Revision 93007881 (diff)
Added by Alexander Stehlik over 7 years ago

[BUGFIX] Send no-cache headers in t3lib_userauth

Adjust headers sent by t3lib_userauth to prevent caching, if
Internet Explorer is used when downloading files through PHP.

Change-Id: I94a3f1b7f05e15cef23519f76127114251a3eabc
Fixes: #24125
Releases: 4.4, 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/6698
Reviewed-by: Stefan Neufeind
Reviewed-by: Sebastian Fischer
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Revision f2b9f516 (diff)
Added by Alexander Stehlik over 7 years ago

[BUGFIX] Send no-cache headers in t3lib_userauth

Adjust headers sent by t3lib_userauth to prevent caching, if
Internet Explorer is used when downloading files through PHP.

Change-Id: I823f72c143d9e5666db2426a5818b96a76d4c39f
Fixes: #24125
Releases: 4.4, 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/6699
Reviewed-by: Georg Grossberger
Tested-by: Georg Grossberger
Reviewed-by: Sebastian Fischer
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

Revision 57629aa0 (diff)
Added by Alexander Stehlik over 7 years ago

[BUGFIX] Send no-cache headers in t3lib_userauth

Adjust headers sent by t3lib_userauth to prevent caching, if
Internet Explorer is used when downloading files through PHP.

Change-Id: I6ea83c216ce7859f19ae7347cac1d06e9f9bcd93
Fixes: #24125
Releases: 4.4, 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/9454
Reviewed-by: Stefan Neufeind
Reviewed-by: Sebastian Fischer
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers

Revision d14ea9e7 (diff)
Added by Alexander Stehlik about 7 years ago

[BUGFIX] Send no-cache headers in t3lib_userauth

Adjust headers sent by t3lib_userauth to prevent caching, if
Internet Explorer is used when downloading files through PHP.

Change-Id: I5c3a2589e5ec114e6a495590c0a6e7109be8ade5
Fixes: #24125
Releases: 4.4, 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/9453
Reviewed-by: Stefan Neufeind
Reviewed-by: Sebastian Fischer
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

History

#1 Updated by Alexander Stehlik over 8 years ago

Important! If you want to test this bug you have to make sure that gzip compression is disabled. Otherwise the error doesn't occur.

I realized that there is another problem with another header:
Cache-Control: no-cache

The problem is known by Microsoft and there is a hotfix for it that seems to work (tested with IE8):
http://support.microsoft.com/kb/323308/en-us

As this bug seems to affect all IE versions I think it should be fixed in TYPO3. I'll attach a patch that improves the header handling in t3lib_userAuth::start. The patch was tested with IE8, Firefox and Google Chrome.

#2 Updated by Mr. Hudson about 8 years ago

Patch set 1 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

#3 Updated by Mr. Hudson about 8 years ago

Patch set 2 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

#4 Updated by Mr. Hudson about 8 years ago

Patch set 3 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

#5 Updated by Alexander Stehlik almost 8 years ago

  • Target version deleted (0)

During testing I realized something else. There is a PHP setting (which seems to be default in Ubuntu) that is called

session.cache_limiter

If this is set to "nocache" (default setting on my system, Ubuntu 11.04) you will also get the error in Internet Explorer if you use an HTTPS connection.

So when you test this please make sure this is set to an empty string in your php.ini:

session.cache_limiter = 
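The header selection discussed in the description and in comments #1 and #5, sketched as an added example that is not part of the original thread and not the patch that was committed to TYPO3. The function names, the User-Agent test and the replacement value `private, must-revalidate` are assumptions made for this illustration.

```php
<?php
// Added example, not TYPO3 core code. Function names are hypothetical.

/**
 * Pick anti-caching headers for a response sent to a logged-in user.
 * Default: forbid caching. Internet Explorer over HTTPS: keep the response
 * out of shared caches but let the browser store the file so it can save it.
 */
function selectCacheHeaders($isHttps, $userAgent)
{
    $headers = array(
        'Expires'       => '0',
        'Cache-Control' => 'no-cache, must-revalidate',
        'Pragma'        => 'no-cache',
    );
    // Assumption: IE is recognised by "MSIE" or "Trident/" in the User-Agent.
    $isIe = stripos($userAgent, 'MSIE') !== false
        || stripos($userAgent, 'Trident/') !== false;
    if ($isHttps && $isIe) {
        // Both headers named in the report must change; fixing one is not enough.
        $headers['Cache-Control'] = 'private, must-revalidate';
        $headers['Pragma']        = 'private';
    }
    return $headers;
}

/**
 * session_start() re-adds "no-cache" headers when session.cache_limiter is
 * "nocache", which would undo the selection above.
 */
function sessionLimiterOverridesHeaders()
{
    return ini_get('session.cache_limiter') === 'nocache';
}

// Constructed sample request: IE8 on an HTTPS connection.
$userAgent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)';
if (sessionLimiterOverridesHeaders()) {
    session_cache_limiter(''); // must run before session_start()
}
foreach (selectCacheHeaders(true, $userAgent) as $name => $value) {
    echo $name . ': ' . $value . PHP_EOL; // a real response would call header()
}
```

`Cache-Control: private` still keeps the authenticated response out of shared proxy caches, which is the protection the no-cache headers were there to provide for logged-in users.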

#6 Updated by Mr. Hudson almost 8 years ago

Patch set 4 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

#7 Updated by Mr. Hudson almost 8 years ago

Patch set 5 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

#8 Updated by Thorsten Kahler almost 8 years ago

  • Category deleted (Communication)
  • Status changed from New to Under Review
  • PHP Version changed from 5.3 to 5.2
  • Complexity set to medium

I came across a similar problem (downloads over HTTPS in IE) (again) today. From what I found your general approach seems correct to me, the details can be discussed in Gerrit.

#9 Updated by Mr. Hudson almost 8 years ago

Patch set 6 of change I9ebe84174256263b8b0cae6cf9db58da76985a96 has been pushed to the review server.
It is available at http://review.typo3.org/1417

#10 Updated by Alexander Stehlik almost 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#11 Updated by Thorsten Kahler almost 8 years ago

  • Category set to Frontend
  • Status changed from Resolved to Under Review
  • Assignee set to Thorsten Kahler
  • Target version set to 1305

I had to re-submit the patch because I was irritated by the Gerrit UI :-}

#12 Updated by Oliver Hader almost 8 years ago

  • Target version changed from 1305 to 1341

#13 Updated by Mr. Hudson almost 8 years ago

Patch set 2 of change I94a3f1b7f05e15cef23519f76127114251a3eabc has been pushed to the review server.
It is available at http://review.typo3.org/4193

#14 Updated by Mr. Hudson almost 8 years ago

Patch set 3 of change I94a3f1b7f05e15cef23519f76127114251a3eabc has been pushed to the review server.
It is available at http://review.typo3.org/4193

#15 Updated by Mr. Hudson over 7 years ago

Patch set 1 of change I94a3f1b7f05e15cef23519f76127114251a3eabc has been pushed to the review server.
It is available at http://review.typo3.org/6698

#16 Updated by Mr. Hudson over 7 years ago

Patch set 1 of change I823f72c143d9e5666db2426a5818b96a76d4c39f has been pushed to the review server.
It is available at http://review.typo3.org/6699

#17 Updated by Mr. Hudson over 7 years ago

Patch set 1 of change I814aa8a203ad5fd7cb9404cc6662d1ea0aedc5e8 has been pushed to the review server.
It is available at http://review.typo3.org/6700

#18 Updated by Gerrit Code Review over 7 years ago

Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/4193

#19 Updated by Gerrit Code Review over 7 years ago

Patch set 5 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/4193

#20 Updated by Gerrit Code Review over 7 years ago

Patch set 2 for branch TYPO3_4-5 has been pushed to the review server.
It is available at http://review.typo3.org/6698

#21 Updated by Gerrit Code Review over 7 years ago

Patch set 6 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/4193

#22 Updated by Gerrit Code Review over 7 years ago

Patch set 7 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/4193

#23 Updated by Alexander Stehlik over 7 years ago

  • Status changed from Under Review to Resolved

#24 Updated by Ernesto Baschny about 6 years ago

  • Target version deleted (1341)

#25 Updated by Benni Mack 9 months ago

  • Status changed from Resolved to Closed
