Project

General

Profile

Actions

Bug #67136

closed

Using pageNotFound handler with a cURL proxy can cause HTTP headers to be displayed

Added by Alexander Rothmund over 9 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Frontend
Target version:
Start date:
2015-05-26
Due date:
2016-09-30
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
easy
Is Regression:
No
Sprint Focus:

Description

There is an issue when using a cURL proxy alongside a pageNotFound_handling to an URL. Here, 2 blocks of HTTP headers can be returned from the proxy server. Mistakenly, TYPO3 only strips the first and ignores the second block.

Here is the (anonymized) example setup with which I have experienced this issue:

$TYPO3_CONF_VARS['FE']['pageNotFound_handling'] = 'index.php?id=123';

... as well as having configured a cURL proxy:

    'SYS' => array(
        'curlProxyServer' => 'http://proxy.example.org:80/',
        'curlUse' => '1',
    ),

I have analyzed the root of this problem, and have found the following things.

Inside TypoScriptFrontendController::pageErrorHandler, TYPO3 requests the 404 Page with HTTP headers, because it then checks those header for a "Content-Type" header, which would get returned alongside the content - to assure that the correct Content-Type header for the 404 content is returned.

TYPO3 does this by simply reading up to the first empty line.

However, when using a cURL proxy, the response can look like this:

HTTP/1.0 200 Connection Established
Proxy-agent: Apache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 May 2015 16:30:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 190105
Connection: keep-alive
Strict-Transport-Security: max-age=63072000

<!DOCTYPE html>
...

TYPO3 then simply parses the first 2 lines as the header and returns the rest as content which shows HTTP headers to the website users and can break the page layout.

No headers should be returned.


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #65801: Headers are visible if URI of pageNotFound_handling has a redirect by .haccessClosed2015-03-18

Actions
Actions

Also available in: Atom PDF