Bug #91433
closed
Story #91384: Backend login and referrer problems after recent TYPO3 9.5.17 and 10.4.2 security fixes
Allow referrer refresh in install tool
100%
Description
With TYPO3-CORE-SA-2020-006 (SSRF via XSS) a strict referrer handling
has been introduced to avoid the install tool being called from other
non-same-origin locations. In case an HTTP referrer header was empty,
the system tried to refresh the view - otherwise the request was
denied completely.
Changes of issue #91396 using refresh-always
are applied as well.
Updated by Gerrit Code Review over 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64518
Updated by Gerrit Code Review over 4 years ago
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64519
Updated by Oliver Hader over 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 86b9b4a2261d07b35dc302766e77d888e412c20c.