Bug #86381

Backend SSL forwarding does not work

Added by Thomas Schur Schur over 2 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2018-09-25
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
9
PHP Version:
7.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When I activate SSL forwarding in the backend:
LocalConfiguration.php: ['BE']['lockSSL'] => true,

Then a forwarding is made in this function:
\TYPO3\CMS\Backend\Middleware\ForcedHttpsBackendRedirector::process()
Line 48: $request->getAttribute('normalizedParams')->getSiteUrl()

The siteUrl is filled by this method:
$result = \TYPO3\CMS\Core\Http\NormalizedParams::determineSiteUrl(
'http://www.typo3cms9.vm/',
'/typo3cms9/public/typo3/index.php',
'/typo3cms9/public/'
);
And is this here with me:
$result = 'http://www.typo3cm/';

Would not it be better to use parse-url for this method?
http://php.net/manual/en/function.parse-url.php

TYPO3 v9.4.0


Related issues

Related to TYPO3 Core - Bug #89312: NormalizedParams->getSiteUrl() contains PHP script wrapperClosed2019-09-30

Actions
#1

Updated by Georg Ringer over 2 years ago

  • Status changed from New to Needs Feedback

can't reproduce that with current master, can you retest with master as well? thanks!

#2

Updated by Thomas Schur Schur over 2 years ago

Georg Ringer wrote:

can't reproduce that with current master, can you retest with master as well? thanks!

How can I update to the current master to test it?
I am using composer and can not require dev-master:

"require": {
"fluidtypo3/flux": "^9.0",
"fluidtypo3/vhs": "^5.0",
"typo3/minimal": "^9.4",
"typo3/cms-fluid-styled-content": "^9.4",
"typo3/cms-tstemplate": "^9.4",
"typo3/cms-info": "^9.4",
"typo3/cms-scheduler": "^9.4",
"typo3/cms-reports": "^9.4",
"typo3/cms-rsaauth": "^9.4",
"typo3/cms-belog": "^9.4",
"typo3/cms-beuser": "^9.4",
"typo3/cms-setup": "^9.4"
}
#3

Updated by Benni Mack over 2 years ago

Use

"typo3/cms-scheduler": "dev-master as 9.4.0",

and for all other typo3/cms package to go with latest master.

#4

Updated by Thomas Schur Schur over 2 years ago

The problem persists with me.
Did you test that with the variables in the ticket?
Maybe it is because of what comes in?

composer.json (Cutted):

"require": {
"fluidtypo3/flux": "^9.0",
"fluidtypo3/vhs": "^5.0",
"typo3/minimal": "dev-master",
"typo3/cms-fluid-styled-content": "dev-master",
"typo3/cms-tstemplate": "dev-master",
"typo3/cms-info": "dev-master",
"typo3/cms-scheduler": "dev-master as 9.4.0",
"typo3/cms-reports": "dev-master",
"typo3/cms-rsaauth": "dev-master",
"typo3/cms-belog": "dev-master",
"typo3/cms-beuser": "dev-master",
"typo3/cms-setup": "dev-master",
"typo3/cms-backend": "9.5.*@dev",
"typo3/cms-core": "9.5.*@dev",
"typo3/cms-extbase": "9.5.*@dev",
"typo3/cms-extensionmanager": "9.5.*@dev",
"typo3/cms-filelist": "9.5.*@dev",
"typo3/cms-fluid": "9.5.*@dev",
"typo3/cms-frontend": "9.5.*@dev",
"typo3/cms-install": "9.5.*@dev",
"typo3/cms-recordlist": "9.5.*@dev"
}

composer update (Cutted):

- Updating typo3/phar-stream-wrapper (v1.0.1 => v3.0.0): Downloading (100%)
- Installing typo3/cms-core (dev-master e4df18c): Cloning e4df18cd15 from cache
- Installing typo3/cms-recordlist (dev-master 1cdd933): Cloning 1cdd933176 from cache
- Installing typo3/cms-extbase (dev-master bbd400e): Cloning bbd400ecc4 from cache
- Installing typo3/cms-fluid (dev-master d8d7a06): Cloning d8d7a066d0 from cache
- Installing typo3/cms-install (dev-master d16c743): Cloning d16c7432f7 from cache
- Installing typo3/cms-frontend (dev-master e368be8): Cloning e368be8b82 from cache
- Installing typo3/cms-filelist (dev-master e2a011d): Cloning e2a011d668 from cache
- Installing typo3/cms-extensionmanager (dev-master e67378e): Cloning e67378e21c from cache
- Installing typo3/cms-backend (dev-master 389829b): Cloning 389829bccf from cache
- Installing typo3/cms-fluid-styled-content (dev-master 56ac706): Cloning 56ac706665 from cache
- Installing typo3/cms-tstemplate (dev-master 0bbf279): Cloning 0bbf279232 from cache
- Installing typo3/cms-info (dev-master 7f789a2): Cloning 7f789a25aa from cache
- Installing typo3/cms-scheduler (dev-master 69306b9): Cloning 69306b9feb from cache
- Installing typo3/cms-reports (dev-master 523d2e5): Cloning 523d2e56cb from cache
- Installing typo3/cms-rsaauth (dev-master f3fb8a0): Cloning f3fb8a0458 from cache
- Installing typo3/cms-belog (dev-master ed9412e): Cloning ed9412e12a from cache
- Installing typo3/cms-beuser (dev-master b9cc535): Cloning b9cc535217 from cache
- Installing typo3/cms-setup (dev-master 8cdab94): Cloning 8cdab949c1 from cache
#5

Updated by Benni Mack over 1 year ago

Hmm, yes. I have seen such a behavior with special handling of apache2 or nginx configuration. Can you share your server configuration (especially the try_files on nginx and everything related to URL rewrites)?

#6

Updated by Benni Mack over 1 year ago

  • Related to Bug #89312: NormalizedParams->getSiteUrl() contains PHP script wrapper added
#7

Updated by Thomas Schur Schur over 1 year ago

Benni Mack wrote:

Hmm, yes. I have seen such a behavior with special handling of apache2 or nginx configuration. Can you share your server configuration (especially the try_files on nginx and everything related to URL rewrites)?

I no longer use the virtual machine. In development, I now use Docker and enforce https everywhere.
I made a little video to make it a little easier to watch. Recorded with 1080p.

https://youtube.com/watch?v=f8VNQxGAI1s

There is apache and nginx on the server.
If configured, the nginx forwards the apache website to the apache server.
Otherwise the nginx is always responsible.

  • typo3demo.vm - nginx wildcard
  • apache-demo.vm - nginx redirects to apache
  • nginx-demo.vm - nginx direct

The bug seems to be due to the Nginx because it works with Apache.

If you want to try it out for yourself, this will help you:

Note: https://github.com/Cyb10101/dev-vm-linux/
Note: https://github.com/Cyb10101/dev-vm-linux/blob/master/usage.md

Download: https://netslum.de/download/dev-vm-linux/UbuntuDev2018_2019-01-19.ova

  • Import OVA in VirtualBox
  • Note: Set Network bridge
  • Run Virtual Machine
  • Login: user
  • Password: user
  • Get IP: ip a | grep inet
  • Note: Recommend to login via SSH, because this is a deprecated project and VirtualBox shell talks too much
  • Edit local (not VM -> Real PC) hosts: 192.168.178.115 typo3demo.vm apache-demo.vm nginx-demo.vm
  • Note: If you want explizit http server add: apache-demo.vm nginx-demo.vm
  • cd /var/www/typo3demo/public
  • vim typo3conf/LocalConfiguration.php
  • Line: 5 ([BE][lockSSL] = true)
  • 'lockSSL' => true,
  • Surf to: http://typo3demo.vm/typo3/
  • Error appears
  • vim typo3/sysext/backend/Classes/Middleware/ForcedHttpsBackendRedirector.php
  • Line: 50
    var_dump($request->getAttribute('normalizedParams')->getSiteUrl());
    var_dump('https://' . $server . $sslPortSuffix . '/' . $address);
    exit();
  • Surf to: http://typo3demo.vm/typo3/
  • Debug messages appears
#8

Updated by Benni Mack over 1 year ago

Hey Thomas,

great. Thanks for your feedback. We've just merged a change in 9.5.x-dev and master which should hopefully solve your issue as well!

#9

Updated by Thomas Schur Schur over 1 year ago

Hi, I don't know how to get the "9.5.x-dev" branch.

Problem 1
- The requested package typo3/minimal 9.5.x-dev exists as typo3/minimal[10.0.x-dev, ..., 9.0.x-dev, dev-master, 10.4.x-dev, ..., v9.4.0, v9.5.0] but these are rejected by your constraint.

"require": {
"helhum/typo3-console": "^5.5.5",
"typo3/minimal": "9.5.x-dev",
"typo3/cms-about": "9.5.x-dev",
"typo3/cms-adminpanel": "9.5.x-dev",
"typo3/cms-belog": "9.5.x-dev",
"typo3/cms-beuser": "9.5.x-dev",
"typo3/cms-felogin": "9.5.x-dev",
"typo3/cms-fluid-styled-content": "9.5.x-dev",
"typo3/cms-form": "9.5.x-dev",
"typo3/cms-impexp": "9.5.x-dev",
"typo3/cms-info": "9.5.x-dev",
"typo3/cms-redirects": "9.5.x-dev",
"typo3/cms-reports": "9.5.x-dev",
"typo3/cms-rte-ckeditor": "9.5.x-dev",
"typo3/cms-setup": "9.5.x-dev",
"typo3/cms-seo": "9.5.x-dev",
"typo3/cms-sys-note": "9.5.x-dev",
"typo3/cms-t3editor": "9.5.x-dev",
"typo3/cms-tstemplate": "9.5.x-dev",
"typo3/cms-viewpage": "9.5.x-dev"
},

And if I do it myself, I only get error messages in the sys_log.

But it seems to have been fixed in a later update:

- Removing symfony/contracts (v1.0.2)
- Removing psr/simple-cache (1.0.1)
- Removing mso/idna-convert (v1.1.0)
- Removing doctrine/reflection (v1.0.0)
- Removing doctrine/persistence (v1.1.0)
- Removing doctrine/inflector (v1.3.0)
- Removing doctrine/common (v2.10.0)
- Removing doctrine/collections (v1.5.0)
- Updating typo3/cms-composer-installers (v2.2.1 => v2.2.4): Downloading (100%)
- Updating helhum/config-loader (v0.11.0 => v0.12.2): Downloading (100%)
- Updating symfony/process (v4.2.2 => v4.4.5): Downloading (100%)
- Updating symfony/polyfill-mbstring (v1.10.0 => v1.14.0): Downloading (100%)
- Installing symfony/service-contracts (v1.1.8): Downloading (100%)
- Installing symfony/polyfill-php73 (v1.14.0): Downloading (100%)
- Updating symfony/console (v4.2.2 => v4.4.5): Downloading (100%)
- Updating doctrine/lexer (v1.0.1 => 1.2.0): Downloading (100%)
- Updating doctrine/annotations (v1.6.0 => v1.8.0): Downloading (100%)
- Updating typo3fluid/fluid (2.6.0 => 2.6.9): Downloading (100%)
- Updating typo3/phar-stream-wrapper (v3.0.1 => v3.1.4): Downloading (100%)
- Updating symfony/polyfill-ctype (v1.10.0 => v1.14.0): Downloading (100%)
- Updating symfony/yaml (v4.2.2 => v4.4.5): Downloading (100%)
- Updating symfony/routing (v4.2.2 => v4.4.5): Downloading (100%)
- Installing symfony/polyfill-php72 (v1.14.0): Downloading (100%)
- Installing symfony/polyfill-intl-idn (v1.14.0): Downloading (100%)
- Updating symfony/intl (v4.2.2 => v4.4.5): Downloading (100%)
- Updating symfony/polyfill-intl-icu (v1.10.0 => v1.14.0): Downloading (100%)
- Updating symfony/finder (v4.2.2 => v4.4.5): Downloading (100%)
- Updating symfony/var-exporter (v4.2.2 => v4.4.5): Downloading (100%)
- Installing symfony/cache-contracts (v1.1.7): Downloading (100%)
- Updating symfony/cache (v4.2.2 => v4.4.5): Downloading (100%)
- Updating symfony/expression-language (v4.2.2 => v4.4.5): Downloading (100%)
- Updating nikic/php-parser (v4.2.0 => v4.3.0): Downloading (100%)
- Updating ralouphie/getallheaders (2.0.5 => 3.0.3): Downloading (100%)
- Updating guzzlehttp/psr7 (1.5.2 => 1.6.1): Downloading (100%)
- Updating guzzlehttp/guzzle (6.3.3 => 6.4.1): Downloading (100%)
- Updating doctrine/instantiator (1.1.0 => 1.3.0): Downloading (100%)
- Updating doctrine/event-manager (v1.0.0 => 1.1.0): Downloading (100%)
- Updating doctrine/cache (v1.8.0 => 1.10.0): Downloading (100%)
- Updating doctrine/dbal (v2.7.2 => v2.10.1): Downloading (100%)
- Installing algo26-matthias/idna-convert (v1.1.0): Downloading (100%)
- Installing symfony/mime (v4.4.5): Downloading (100%)
- Installing symfony/http-foundation (v4.4.5): Downloading (100%)
- Updating typo3/cms-core (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-scheduler (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-recordlist (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-extbase (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-fluid (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-install (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-frontend (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-filelist (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-extensionmanager (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-backend (v9.5.3 => v9.5.14): Downloading (100%)
- Updating helhum/typo3-console (5.6.0 => v5.8.2): Downloading (100%)
- Updating typo3/cms-about (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-viewpage (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-tstemplate (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-t3editor (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-sys-note (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-seo (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-setup (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-rte-ckeditor (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-reports (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-redirects (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-info (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-impexp (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-form (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-fluid-styled-content (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-felogin (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-beuser (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-belog (v9.5.3 => v9.5.14): Downloading (100%)
- Updating typo3/cms-adminpanel (v9.5.3 => v9.5.14): Downloading (100%)

However, the fix of "Bug #89312" was not included in the package.
https://forge.typo3.org/issues/89312

If you are unsure, you can pull out a VM yourself. That makes it easier.
But I think the ticket is done?

#10

Updated by Susanne Moog about 1 year ago

  • Status changed from Needs Feedback to Closed

This has been fixed in recent versions, closing the ticket now. If the issue pops up again, please reopen.

Also available in: Atom PDF