Project

General

Profile

Actions

Bug #24125

closed

jumpurl secure links over HTTPS fail in Internet Explorer when BE user logged in

Added by Alexander Stehlik about 14 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Category:
Frontend
Target version:
-
Start date:
2010-11-18
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.4
PHP Version:
5.2
Tags:
Complexity:
medium
Is Regression:
Sprint Focus:

Description

There is a little bug in the jumpurl_secure feature. It may not affect many people but because it is very specific. To reproduce it, these conditions must be met:

  • Filelinks with jumpurl_secure enabled
  • connection is HTTPS
  • browser is Internet Explorer (all Versions)
  • Backend user is logged in

When clicking on a link the downloads fails with the following error message: "The requested site is either unavailable or cannot be found"

The reason for this problem can be found in the start() method of the t3lib_userAuth object. For BE users the property "sendNoCacheHeaders" is set to TRUE. This results in a bunch of headers that are sent out to the client. This is the one that let's the jumpURL link fail:

header('Pragma: no-cache');

There are two possible solutions:

The first would be to send out a new header in tslib_fe->jumpUrl if connection is HTTPS:
header('Pragma: private');

Another solution would be to check in the t3lib_userAuth if the connection is HTTPS and then decide weather to user "no-cache" or "private".

If you let me know which solution you prefer I can provide a patch.

(issue imported from #M16466)


Files

typo3-16466b-jumpurl_ssl-v2.diff (1.09 KB) typo3-16466b-jumpurl_ssl-v2.diff Administrator Admin, 2011-02-04 11:56

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Story #28743: Add method to send no-cache HTTP headersRejected2011-08-04

Actions
Related to TYPO3 Core - Task #90601: Remove old IE https download related hack in AbstractUserAuthenticationRejected2020-02-29

Actions
Actions

Also available in: Atom PDF