[TYPO3-core] Status of RFC: #9046: Nested domain linking with domain record on root page

Ingmar Schlecht ingmar at typo3.org
Wed Oct 7 20:25:56 CEST 2009 

Hi Ernesto,

Ernesto Baschny [cron IT] wrote:
> can someone explain the "caching" problem? Tobias, Ingmar?

Sure, I'll try to.

> In my eyes, if you cache the page that has links pointing to other
> domains, those links will still work. If there are links pointing to the
> same domain (thus relative to the current domain), the links in the
> cache also work, as they are relative (and not prepended by the
> HTTP_HOST). In my understanding (haven't reviewed or tested the patch, I
> must confess) the HTTP_HOST is never stored in the cache and the cached
> page is independent on which HTTP_HOST was used to access the page. Why
> would it be different?
> 
> Using HTTP_HOST (which comes from the user) to store *anything* is
> dangerous anyways, because this can easily be exploited (e.g. to flood
> the cache table).

Of course, that needs to be taken into account. But that is easily
solvable by using the domain record UID instead of the HTTP_HOST as the
cache identifier.

> So I find the bug in the patch is there that we use HTTP_HOST to decide
> if we should prepend another domain to the URL or not. 

The problem is that it sometimes does depend on the current HTTP_HOST,
what link is rendered, e.g. whether a domain is prefixed or not.

Say we have a tree like this:

yahoo.com
  - finance (no special subdomain, accessible only through yahoo.com)
  - weather (weather.yahoo.com, no force flag set)
    * europe
    * asia
  - sports (sports.yahoo.com, force flag set)
    * soccer
    * tennis

Now say you are on the european weather page using
yahoo.com/europe.XYZ.0.html, and want to link to the finance page: You
wouldn't have to prefix any domain, because you are already on yahoo.com.

If you would instead use the weather.yahoo.com domain to access the
european weather page, the same link to finance would not work unless
you do explicitly prefix the domain yahoo.com.

So the very same page (the european weather page) would exist in two
possible ways, each of which needs to be cached separately.

The only way around this would be always assuming the force flag to be
set, so we always assume and always make sure, that a domain is always
prefixed and we are on the closest domain to the current page. But that
way we would loose a lot of flexibility.

> We should simply
> match the PID of the sys_domain record used for the destination page
> link with the sys_domain records PID from the current page. If they are
> the same, the link is "relative". To decide that we don't even need to
> consider the users HTTP_HOST (which only decides which page to render).

You have to keep in mind that one page can be accessed through different
domains.

cheers
Ingmar

More information about the TYPO3-team-core mailing list