Bug #24125
closedjumpurl secure links over HTTPS fail in Internet Explorer when BE user logged in
100%
Description
There is a little bug in the jumpurl_secure feature. It may not affect many people but because it is very specific. To reproduce it, these conditions must be met:
- Filelinks with jumpurl_secure enabled
- connection is HTTPS
- browser is Internet Explorer (all Versions)
- Backend user is logged in
When clicking on a link the downloads fails with the following error message: "The requested site is either unavailable or cannot be found"
The reason for this problem can be found in the start() method of the t3lib_userAuth object. For BE users the property "sendNoCacheHeaders" is set to TRUE. This results in a bunch of headers that are sent out to the client. This is the one that let's the jumpURL link fail:
header('Pragma: no-cache');
There are two possible solutions:
The first would be to send out a new header in tslib_fe->jumpUrl if connection is HTTPS:
header('Pragma: private');
Another solution would be to check in the t3lib_userAuth if the connection is HTTPS and then decide weather to user "no-cache" or "private".
If you let me know which solution you prefer I can provide a patch.
(issue imported from #M16466)
Files