[TYPO3-core] RFC: #17413: Bug: Make jumpurl secure links work over HTTPS when BE user is logged in
Alexander Stehlik
alexander.stehlik at googlemail.com
Fri Feb 4 12:36:45 CET 2011
This is an SVN patch request.
Type: Bugfix
Bugtracker references:
http://bugs.typo3.org/view.php?id=16466
Branches:
TYPO3_4-5 & trunk
Problem:
t3lib_div::start sends no cache headers that will lead to a failure in
secure jumpUrls (or any other download through PHP) in IE if connection
is SSL and BE user is logged in.
Solution:
Send out different headers that still prevent caching but work in IE.
Notes:
Steps to reproduce:
* disable all gzip compression (PHP and Webserver)
* use Internet Explorer as browser (all Versions)
* make sure you didn't install MS hotfix:
http://support.microsoft.com/kb/323308/en-us
* connect to site over HTTPS
* log into the Backend
* create some file links (tt_content.uploads) with jumpurl_secure
* open the page in the Frontend
* click on a download link
You should get this error: "Internet Explorer was unable to open this
site. The requested site is either unavailable or cannot be found.
Please try again later.
Apply the patch an the file download should start.
Quick reference for the lazy ones ;)
To enable secure jumpUrl use these settings in your template:
tt_content.uploads.20.linkProc.jumpurl = 1
tt_content.uploads.20.linkProc.jumpurl.secure = 1
I'm not a cache header guru so maybe someone has a better solution. I
did some testing with these settings and they seem to work in IE,
Firefox and Chrome.
Kind regards,
Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: typo3-16466b-jumpurl_ssl-v2.diff
Type: text/x-patch
Size: 1118 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110204/e8b2561f/attachment.bin>
More information about the TYPO3-team-core
mailing list