[TYPO3-core] RFC: #16466: Bug: Make jumpurl secure links work over HTTPS when BE user is logged in
Alexander Stehlik
alexander.stehlik at googlemail.com
Wed Feb 23 14:35:29 CET 2011
Reminder #2
>
> Sorry, I had a wrong number (17413) in the subject the first time I
> posted this RFC.
>
> So this is Reminder #1 with a corrected RFC subject.
>
>> This is an SVN patch request.
>>
>> Type: Bugfix
>>
>> Bugtracker references:
>> http://bugs.typo3.org/view.php?id=16466
>>
>> Branches:
>> TYPO3_4-5 & trunk
>>
>> Problem:
>> t3lib_div::start sends no cache headers that will lead to a failure in
>> secure jumpUrls (or any other download through PHP) in IE if connection
>> is SSL and BE user is logged in.
>>
>> Solution:
>> Send out different headers that still prevent caching but work in IE.
>>
>> Notes:
>> Steps to reproduce:
>> * disable all gzip compression (PHP and Webserver)
>> * use Internet Explorer as browser (all Versions)
>> * make sure you didn't install MS hotfix:
>> http://support.microsoft.com/kb/323308/en-us
>> * connect to site over HTTPS
>> * log into the Backend
>> * create some file links (tt_content.uploads) with jumpurl_secure
>> * open the page in the Frontend
>> * click on a download link
>>
>> You should get this error: "Internet Explorer was unable to open this
>> site. The requested site is either unavailable or cannot be found.
>> Please try again later.
>>
>> Apply the patch an the file download should start.
>>
>> Quick reference for the lazy ones ;)
>> To enable secure jumpUrl use these settings in your template:
>> tt_content.uploads.20.linkProc.jumpurl = 1
>> tt_content.uploads.20.linkProc.jumpurl.secure = 1
>>
>> I'm not a cache header guru so maybe someone has a better solution. I
>> did some testing with these settings and they seem to work in IE,
>> Firefox and Chrome.
>>
>> Kind regards,
>> Alex
>>
>>
>
More information about the TYPO3-team-core
mailing list