[Neos] Calling non-Neos controller gives security error

Christian Loock brainshack at gmail.com
Tue Feb 25 16:40:33 CET 2014


To be honest I would be very surprised if it wasn't allready possible to
request json in the Neos backend. The biggest problem is the very slim bit
of documentation available at the moment. But maybe some of the Neos Devs
can enlighten us^^


2014-02-25 16:32 GMT+01:00 Mathias Bolt Lesniak, LiliO <mathias at lilio.com>:

> Hi Christian!
>
> I've been digging deep, but it looks like it's not possible to change the
> format within the "neos/" routing. That means enabling and using the Flow
> default routes is the only way right now.
>
> As long as everything is passed through
> TYPO3\Neos\Controller\Backend\ModuleController, it will add its own
> wrapping HTML code no matter what I do.
>
> Maybe I should post a feature request?
>
>
> Anyway: Thanks for helping out! :-D
>
>
> Best wishes
>
> Mathias Bolt Lesniak
> LiliO - www.lilio.no
> mathias at lilio.com
>
>
>
> On 25. feb. 2014, at 15:11, Christian Loock <brainshack at gmail.com> wrote:
>
> > Maybe there is a way to create a link with a json format, so that your
> > controller can use the JSON View to generate the output, similar to here:
> >
> >
> http://wiki.typo3.org/Flow_Cookbook#Creating_JSON_response_.28e.g._for_AJAX_requests.29
> >
> > The only thing i would try now aside from that is to look in the Neos
> > Modules to see how they handle ajax requests. Unless someone else here
> > knows how.
> >
> >
> > 2014-02-25 15:03 GMT+01:00 Mathias Bolt Lesniak, LiliO <
> mathias at lilio.com>:
> >
> >> Hi Christian!
> >>
> >> Thanks for the tip! It looks like the only problem with doing this as a
> >> module is that my Controller's output is wrapped in Neos' module
> interface
> >> HTML when I call http://testdomain.local/neos/mymodule, so I can't send
> >> plain JSON data ...
> >>
> >>
> >> PS! There is indeed a hideInMenu property for modules. :-)
> >>
> >>
> >> Best wishes
> >>
> >> Mathias Bolt Lesniak
> >> LiliO - www.lilio.no
> >> mathias at lilio.com
> >> +47 473 28 734
> >>
> >> Alle priser er eks. mva. når ikke annet er oppgitt.
> >> Alle oppdrag forholder seg til standard tjenesteavtale:
> >> http://www.lilio.no/om_oss/tjenesteavtale/
> >>
> >>
> >>
> >>
> >> On 25. feb. 2014, at 13:31, Christian Loock <brainshack at gmail.com>
> wrote:
> >>
> >>> I think you definitly need to add Policies for your controller, since
> >>> missing policies would be interpreted as abstained, which would cause
> an
> >>> exception.
> >>>
> >>> Just add ACL for your controller in your Policy.yaml for the
> >>> Typo3.Neos:Editor Role.
> >>>
> >>> As to the other part of the question:
> >>>
> >>> You usually won't need to add your own routes. You can just set up your
> >>> module like in this tutorial:
> >>>
> >>>
> >>
> http://www.matthias-witte.net/how-to-create-a-backend-module-for-typo3-neos/2012/10/
> >>>
> >>> However, this will also display your module in the menu, but there
> might
> >> be
> >>> a config setting to hide it there. Then you can just use Neos'
> ViewHelper
> >>> to generate a link to your module. I'm not sure about the name of this
> >>> viewhelper but you can easily look it up in your Neos installation
> under
> >>> Packages/Application/Typo3.Neos/Class/Typo3/Neos/ViewHelpers i think.
> >> (Not
> >>> sure since im at work and dont have a working copy at hand)
> >>>
> >>> H2H
> >>>
> >>>
> >>> 2014-02-25 12:55 GMT+01:00 Mathias Bolt Lesniak, LiliO Design <
> >>> mathias at lilio.com>:
> >>>
> >>>> Hi!
> >>>>
> >>>> I'm trying to dynamically load data into an inspector SelectBox, by
> >>>> modifying Neos' MasterPluginEditor.js file, but when I try to fetch
> data
> >>>> from my own controller, I get a security error: "#1258721059: The
> >> security
> >>>> context contained no tokens which could be authenticated."
> >>>>
> >>>> On the PHP side, I have basically followed the steps in the chapter
> >>>> "Creating a TYPO3 Neos plugin" of the Integrator Guide, which means I
> >> have
> >>>> also added the Flow default routes to Configuration/Routes.yaml, so I
> >>>> should be able to see the output from the controller when accessing
> >>>> http://testdomain.local/mypackage/mycontroller/myaction. Instead I
> get
> >>>> this security error.
> >>>>
> >>>> What is the right way here? Should I A) add a policy or is there a way
> >> to
> >>>> B) call the controller through some Neos API?
> >>>>
> >>>> Option B is maybe the best, as it doesn't require adding the Flow
> >> default
> >>>> routes to Configuration/Routes.yaml of every Neos implementation.
> >>>>
> >>>>
> >>>> Any help would be much appreciated! :-)
> >>>>
> >>>>
> >>>> Best wishes
> >>>>
> >>>> Mathias Bolt Lesniak
> >>>> LiliO - www.lilio.no
> >>>> mathias at lilio.com
> >>>> _______________________________________________
> >>>> Neos mailing list
> >>>> Neos at lists.typo3.org
> >>>> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> >>>>
> >>> _______________________________________________
> >>> Neos mailing list
> >>> Neos at lists.typo3.org
> >>> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> >>
> >> _______________________________________________
> >> Neos mailing list
> >> Neos at lists.typo3.org
> >> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> >>
> > _______________________________________________
> > Neos mailing list
> > Neos at lists.typo3.org
> > http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
>
> _______________________________________________
> Neos mailing list
> Neos at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
>


More information about the Neos mailing list