Bug #86346
closed
Hidden pages sent 403 Header
100%
Description
When trying to access a hidden page a 403 Header is sent. This has been introduced in #23178
As a hidden page from the frontend view does not exist, it must sent a 404 header and not a 403 which means it is not accessible due to missing authentication
Updated by Sascha Egerer over 5 years ago
- Related to Bug #23178: Wrong HTTP headers sent when trying to access pages that require login added
Updated by Markus Klein over 5 years ago
"Funny". Reading my patch 10 month later, I realize the wording of "accessible" does not reflect the actual "forbidden" state, but also all the other enable fields.
That's very unfortunate.
On the other hand: The page does exist, you just don't have access if it is hidden or expired. So semantically that's not really wrong. Do you see any SEO consequences?
Updated by Sascha Egerer over 5 years ago
Yes, Google throws lots of “could not access page anymore” errors.
From the Frontend point of view they do not exist. There is no way from the frontend to make them accessible so I would that a 404 must be used.
Updated by Markus Klein over 5 years ago
Okay, so we need to revert #23178. Unfortunate, but necessary.
Updated by Sascha Egerer over 5 years ago
Markus Klein wrote:
Okay, so we need to revert #23178. Unfortunate, but necessary.
Are you sure? I think we do still need some parts of it. The code must just not be 403 for disabled pages but still for non accessible pages (due to frontend group restriction)
Updated by Riccardo De Contardi over 5 years ago
is this related? https://forge.typo3.org/issues/53813
Updated by Markus Klein over 5 years ago
- Related to Feature #53813: Different redirects for different error types in "Page not found" handling added
Updated by Markus Klein over 5 years ago
Technically we can't distinguish those cases currently code-wise. The reason why a page can't be accessed is hidden quite deep in the code. It needs a good amount of refactoring to preserve the reason until the final header is sent.
Updated by Urs Braem over 5 years ago
Maybe related (?): for some custom extbase records, when not existing, I get a 303 immediately followed a redirect to the central 404 page (which then throws the correct 404)
https://www.gendercampus.ch/de/aktuelles/neuigkeiten/nonexistingrecord
Updated by
Updated by Susanne Moog about 4 years ago
- Related to Bug #88957: ID was not an accessible page - on hidden pages although the 404 error handler is configured in the site config added
Updated by Susanne Moog about 4 years ago
- Related to Bug #82036: Missing use of pageNotFound_handling in TypoScriptFrontendController.php, only PageNotFoundException is used. added
Updated by Johannes Seipelt about 4 years ago
For disabled pages I managed to show the content of the 404 error page the same way its used in my site-configuration (multi-site and multi-language) with this added to my AdditionalConfiguration.php (v9):
if (preg_match('/\/en\//', $_SERVER['REQUEST_URI']) || $_GET['L'] == 1) {
$GLOBALS['TYPO3_CONF_VARS']['FE']['pageNotFound_handling'] = '/en/404/';
} else {
$GLOBALS['TYPO3_CONF_VARS']['FE']['pageNotFound_handling'] = '/de/404/';
}
The status code 403 is ofc still wrong in that case but atleast i can show content to the user and not just the error page (Page Not Found Reason: ID was not an accessible page)
What would be a better way to get it right? these options have been removed in v10 and iam still trying to understand why i can set a error page for 403 with pageNotFound_handling, didnt TYPO3 distinguish between 403/404 in the past? To just set the ErrorHandling for 403 in the site-configuration to the same handling as 404 doesnt seem right to me.
Updated by Gerrit Code Review over 3 years ago
- Status changed from New to Under Review
Patch set 15 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/58829
Updated by Gerrit Code Review over 3 years ago
Patch set 16 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/58829
Updated by Gerrit Code Review over 3 years ago
Patch set 17 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/58829
Updated by Gerrit Code Review over 3 years ago
Patch set 18 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/58829
Updated by Gerrit Code Review over 3 years ago
Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65815
Updated by Oliver Hader over 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 14c742b79b767d99d31fde70112048c7b38c06a3.
Updated by Rémy DANIEL over 3 years ago
- Related to Bug #92762: Accessing a restricted subpage of a sysfolder triggers a 404 instead of 403 added
Updated by Gerrit Code Review over 3 years ago
- Status changed from Closed to Under Review
Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66906
Updated by Gerrit Code Review over 3 years ago
Patch set 2 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66906
Updated by Gerrit Code Review over 3 years ago
Patch set 3 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66906
Updated by Gerrit Code Review over 3 years ago
Patch set 4 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66906
Updated by Gerrit Code Review about 3 years ago
Patch set 5 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66906
Updated by Benni Mack over 2 years ago
- Status changed from Under Review to Closed
Updated by Evelin no-lastname-given 7 months ago
- Related to Bug #102122: Hidden pages sent 403 Header added