Feature #91493

open

Add documentary and improve warnings for "Server Response on static files" check

Added by Hannes Strangmeier over 4 years ago. Updated over 1 year ago.

Status: New
Priority: Should have
Assignee: -
Category: Reports
Target version: -
Start date: 2020-05-11
Due date: 2020-05-11 (over 4 years late)
% Done: 0%
Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Hey folks,

When TYPO3 is not capable of performing an HTTP request on itself - e.g. when there's basic-auth protection on the site - the "Server Response on static files" check in the Reports module shows a somewhat generic warning:

Warnings
(401): http://mydomain.tld/typo3temp/assets/714b0522.tmp/376bc44b.html
(401): http://mydomain.tld/typo3temp/assets/714b0522.tmp/376bc44b.wrong
(401): http://mydomain.tld/typo3temp/assets/714b0522.tmp/376bc44b.html.wrong
(401): http://mydomain.tld/typo3temp/assets/714b0522.tmp/376bc44b.1.svg.wrong
(401): http://mydomain.tld/typo3temp/assets/714b0522.tmp/376bc44b.2.svg.wrong
(401): http://mydomain.tld/typo3temp/assets/714b0522.tmp/376bc44b.php.wrong
(401): http://mydomain.tld/typo3temp/assets/714b0522.tmp/376bc44b.html.txt
(401): http://mydomain.tld/typo3temp/assets/714b0522.tmp/376bc44b.php.txt

One might think that the configuration is unsafe, but in this particular case it was not possible for TYPO3 to perform the checks at all.
I think it would be great if TYPO3 would tell the user if the check led to an unexpected result (e.g. wrong content-type) or if it could not be performed at all (where a 401 is the first thing that comes to my mind).

Maybe it would also be useful to do a check on HTTP requests in general, since other parts of TYPO3 also make use of them? (404 handling for example, if you select "Show Content from Page")

Everything connected to HTTP requests on itself will fail if you create a basic-auth protection without whitelisting the TYPO3 installation itself (e.g. by whitelisting the server IP).

Tested with 9.5.18, but 10.4.2+ should also be affected.

Greetings,

Hannes
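
The distinction requested in the report above, sketched as an added example (not TYPO3 core code and not part of the original report): it groups "(status): URL" warning lines into probes that were never performed and probes that returned evidence. The names `classifyProbe` and `triageWarnings`, the outcome labels, the `example.test` lines and the use of status 0 for a request that got no response are assumptions of this example.

```php
<?php
declare(strict_types=1);

// "(status): URL" lines in the shape quoted in the report. The two 401 lines
// are copied from it; the 200 and 0 lines are constructed for contrast.
const SAMPLE_WARNINGS = <<<'TXT'
(401): http://mydomain.tld/typo3temp/assets/714b0522.tmp/376bc44b.html
(401): http://mydomain.tld/typo3temp/assets/714b0522.tmp/376bc44b.php.txt
(200): http://example.test/typo3temp/assets/aaaa.tmp/bbbb.html.wrong
(0): http://example.test/typo3temp/assets/aaaa.tmp/bbbb.php.wrong
TXT;

// Hypothetical helper: does this status say anything about how static files
// are served, or did the probe never reach the file?
function classifyProbe(int $status): string
{
    if ($status === 0) {
        return 'not_performed_no_response';   // 0 = this example's marker for a transport failure
    }
    if ($status === 401 || $status === 407) {
        return 'not_performed_auth_required'; // an auth challenge was answered instead of the file
    }
    if ($status >= 200 && $status < 300) {
        return 'performed_inspect_response';  // file was served: headers and body are evidence
    }
    return 'performed_unexpected_status';
}

// Group report lines by outcome so "could not test" is never shown as "unsafe".
function triageWarnings(string $report): array
{
    $groups = [];
    foreach (preg_split('/\R/', trim($report)) as $line) {
        if (preg_match('/^\((\d{1,3})\):\s+(\S+)$/', trim($line), $m) === 1) {
            $groups[classifyProbe((int)$m[1])][] = $m[2];
        }
    }
    return $groups;
}

foreach (triageWarnings(SAMPLE_WARNINGS) as $outcome => $urls) {
    printf("%-28s %d URL(s)\n", $outcome, count($urls));
}
```

Only the `performed_*` groups say anything about how the web server treats the test files; the `not_performed_*` groups mean the self-request was blocked or failed before a file was served.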


Related issues 1 (0 open, 1 closed)

Follows TYPO3 Core - Task #91354: Integrate server response security checks (Closed, Oliver Hader, 2020-05-10)
