[TYPO3-mvc] Question regarding $GLOBALS['TSFE']->reqCHash() / cHash handling in extbase

Helmut Hummel helmut.hummel at typo3.org
Thu Jan 16 11:01:49 CET 2014 

Hi Kay,

On 21.11.13 11:36, Kai Tallafus wrote:

> The author recommends to put $GLOBALS['TSFE']->reqCHash(); into the detail action to prevent the above described behaviour.

What this does, is disabling the cache completely if no cHash is 
submitted. Depending on the traffic on your site and the parstime of 
your page, this might not be something you want.

> Okay, now some questions:
> 1. I have no idea how this could even happen on a productive website, but obviously the problem is caused by calling the detail view with a missing cHash (we use realurl btw.). At least I´m able to reproduce it this way (and putting $GLOBALS['TSFE']->reqCHash() into the detail action actually seems to fix the problem). Has someone observed the same behaviour too?

One possibility would be an empty realurl cache and page cache and an 
URL requested from an external site (maybe google), like Viktor 
describes in his post).

> 2. In tslib_fe::makeCacheHash() respectively TypoScriptFrontendController::makeCacheHash() I found this:
> The CacheHashCalculator:: doParametersRequireCacheHash() method checks for requireCacheHashPresenceParameters. But these are always empty and I found nothing inside TYPO3 core where CacheHashCalculator::setRequireCacheHashPresenceParameters() is called. So the above if statement is never true, and $this->reqCHash(); will never be called.

This setter is called, when you set this in configuation
[FE][cHashRequiredParameters]

> So how is the correct way to handle this inside extbase extensions?
> Is it like the blog author says or should we use CacheHashCalculator::setRequireCacheHashPresenceParameters() in our extensions or am I missing the point completely? :-)

You should configure the controller and/or action get parameter to 
require a cHash, just like Viktor suggests.


Kind regards,
Helmut

-- 
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 Core Developer, TYPO3 Security Team Member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

More information about the TYPO3-project-typo3v4mvc mailing list