Bug #91582
closed
Fetching an internal page as 404 content breaks browser output and CDNs
100%
Description
Defining the error handling in the site configuration like this
errorHandling:
- errorCode: '404'
errorHandler: Page
errorContentSource: 't3://page?uid=27'
causes a "connection failed" in Chromium based browsers. CDNs like Cloudflare even start repeating the request relatively fast (multiple times per second) ending in a 502 status code.
The problem drills down to the headers being received/sent when requesting the internal error page (27 above).
This request might deliver a "Transfer-Encoding: chunked" header.
Since the whole response of the sub-request is passed on as response to the initial request, also the headers from the sub-request are passed on.
This is may lead to problems, as the initial request may have another context than the internal sub-request.
In this case the "Transfer-Encoding" is not the same for the internal and the initial request. The actual webserver has to take care about settings this header correctly.
Fixing this issue, by removing this specific header from the sub-response, mitigates the problem and properly shows the 404 error page correctly, immediately and foremost without DoS-ing the server by the CDN.
Files
Updated by Markus Klein almost 4 years ago
- Related to Bug #81644: GeneralUtility::getUrl() socket method doesn't support chunked Content-Encoding added
Updated by Gerrit Code Review almost 4 years ago
- Status changed from New to Under Review
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64672
Updated by Markus Klein almost 4 years ago
- Status changed from Under Review to New
- TYPO3 Version changed from 9 to 10
Updated by Markus Klein almost 4 years ago
- Status changed from New to Under Review
Updated by Gerrit Code Review almost 4 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64672
Updated by Markus Klein almost 4 years ago
- Related to Task #90956: Deprecate alternative fetch methods for GeneralUtility::getUrl() added
Updated by Gerrit Code Review almost 4 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64672
Updated by Gerrit Code Review almost 4 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64672
Updated by Gerrit Code Review almost 4 years ago
Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64852
Updated by Markus Klein almost 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 0d822ba49c65de00404b11f820ee8ef869fe0753.
Updated by 