Actions
Bug #91433
closedStory #91384: Backend login and referrer problems after recent TYPO3 9.5.17 and 10.4.2 security fixes
Allow referrer refresh in install tool
Status:
Closed
Priority:
Should have
Assignee:
Category:
Security
Target version:
Start date:
2020-05-18
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
With TYPO3-CORE-SA-2020-006 (SSRF via XSS) a strict referrer handling
has been introduced to avoid the install tool being called from other
non same-origin locations. In case a HTTP referrer header was empty
the system tried to refresh the view - otherwise the request was
denied completely.
Changes of issue #91396 using refresh-always
are applied as well.
Actions