Bug #76340
closedAjax response exceeds limit of header section -> Backport #50509 to 6.2.x
0%
Description
Using some "newer" infrastructure of TYPO3 6.2 to make metaseo compatible to 7.6, we were faced with an old problem:
X-JSON header contains a JSON object which can easily exceed a limit of ~8kb for http response headers in full-blown hosting environments.
As a workaround, we had to use jsonbody instead of json (which seems to default to jsonhead in 6.2). This is solved by #50509 in 7.x but the corresponding patch never got backported to 6.2.x (although #50509 shows 6.2.0 as the target version which is wrong). https://github.com/mblaschke/TYPO3-metaseo/issues/233
Plus, I'd rather classify #50509 as a bug (together with this issue) as common hosting environments are easily broken without the patch applied (e.g. jweiland via https://github.com/mblaschke/TYPO3-metaseo/issues/225 ). Plus, was this issue hard to track down (no errors shown to customers to begin with).
This issue contains the risk that when the patch of #50509 is applied to 6.2.x, it could break consumers which expect the JSON object to be in the header ONLY instead of the body. Using the old Ext.JS version 3.4.1.1 we had no problem with that, however.
Updated by Thomas Mayer over 8 years ago
The target version of #50509 should also be corrected to a 7.x release.
Updated by Benni Mack over 8 years ago
Hey Thomas,
main problem is that this is / was a breaking change when we introduced it to v7 a year ago.
While backporting this change to 6.2 would be possible
a) we discourage it because it might break other installations which depend exactly on the payload being tranformed in jsonhead,
b) we have the policy to only backport critical and security-related issues, which this one does not seem too relevant for the majority of people
I am sorry (as I introduced jsonhead being the default back in 4.4 I think) for this bug, but maybe you could XCLASS this functionality to make it work in your 6.2 installation.
I'm afraid this won't make it into 6.2 anymore. Any chance you could upgrade to v7? Otherwise I think you need to stick with a patched 6.2 for the time being.
Updated by Thomas Mayer over 8 years ago
At metaseo, we made the change exactly to go for 7.6, together with PSR-7. So that was the reason why we were affected by #50509 so much time later, still in 6.2 (which we still support).
I accept that this issue will not be fixed for 6.2 because it could break older installations (I already mentioned the risk).
In terms of metaseo, we solved it by not using 'json' (which defaults to 'jsonhead'), in favour of the explicit 'jsonbody'. So the fix is really easy and there is no disadvantage for 7.6. It was just painful to track down what actually went wrong.
Besides that, I'm happy to say that metaseo is compatible to 7.6 already. And 7.6 does not have this issue (76340/50509) at all, as it uses safe defaults.
However, we're still supporting 6.2 at metaseo, which is why some customers of larger TYPO3 hosters were complaining.
Could you please correct the target version in #50509? It just confuses users, at least me. The target version has been 7.2.0 instead of 6.2.0, according to https://github.com/TYPO3/TYPO3.CMS/commit/3124ebb4df25fa3712faa51e1624a2e96c38fe8e (when all branches/tags are displayed, 7.2.0 is the first tagged version with the patch applied).
I also can't find #50509 in
- the list of breaking changes of 7.2 https://wiki.typo3.org/TYPO3.CMS/Releases/7.2/Breaking
- the list of features of 7.2 https://wiki.typo3.org/TYPO3.CMS/Releases/7.2/Feature
Undocumented breaking changes worsen breaking changes => Could you please document 3124ebb4 as a breaking change?
Updated by Wouter Wolters over 8 years ago
- Status changed from New to Closed
Won't be backported. I have set the target version of the other ticket to empty. I do not have the right version anymore in the selector. Clsoing this ticket now.