Bug #91433: Allow referrer refresh in install tool - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #91433

closed

Story #91384: Backend login and referrer problems after recent TYPO3 9.5.17 and 10.4.2 security fixes

Allow referrer refresh in install tool

Added by Oliver Hader almost 4 years ago. Updated almost 4 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Oliver Hader

Category:

Security

Target version:

9.5.18 & 10.4.3

Start date:

2020-05-18

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

With TYPO3-CORE-SA-2020-006 (SSRF via XSS) a strict referrer handling
has been introduced to avoid the install tool being called from other
non same-origin locations. In case a HTTP referrer header was empty
the system tried to refresh the view - otherwise the request was
denied completely.

Changes of issue #91396 using refresh-always are applied as well.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #91433

Allow referrer refresh in install tool

Updated by Oliver Hader almost 4 years ago

Updated by Gerrit Code Review almost 4 years ago

Updated by Gerrit Code Review almost 4 years ago

Updated by Oliver Hader almost 4 years ago

Updated by Benni Mack almost 4 years ago