[TYPO3-core] RFC: #16466: Bug: Make jumpurl secure links work over HTTPS when BE user is logged in
Alexander Stehlik
alexander.stehlik at googlemail.com
Fri Feb 11 09:52:52 CET 2011
Sorry, I had a wrong number (17413) in the subject the first time I
posted this RFC.
So this is Reminder #1 with a corrected RFC subject.
> This is an SVN patch request.
>
> Type: Bugfix
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=16466
>
> Branches:
> TYPO3_4-5 & trunk
>
> Problem:
> t3lib_div::start sends no cache headers that will lead to a failure in
> secure jumpUrls (or any other download through PHP) in IE if connection
> is SSL and BE user is logged in.
>
> Solution:
> Send out different headers that still prevent caching but work in IE.
>
> Notes:
> Steps to reproduce:
> * disable all gzip compression (PHP and Webserver)
> * use Internet Explorer as browser (all Versions)
> * make sure you didn't install MS hotfix:
> http://support.microsoft.com/kb/323308/en-us
> * connect to site over HTTPS
> * log into the Backend
> * create some file links (tt_content.uploads) with jumpurl_secure
> * open the page in the Frontend
> * click on a download link
>
> You should get this error: "Internet Explorer was unable to open this
> site. The requested site is either unavailable or cannot be found.
> Please try again later.
>
> Apply the patch an the file download should start.
>
> Quick reference for the lazy ones ;)
> To enable secure jumpUrl use these settings in your template:
> tt_content.uploads.20.linkProc.jumpurl = 1
> tt_content.uploads.20.linkProc.jumpurl.secure = 1
>
> I'm not a cache header guru so maybe someone has a better solution. I
> did some testing with these settings and they seem to work in IE,
> Firefox and Chrome.
>
> Kind regards,
> Alex
>
>
More information about the TYPO3-team-core
mailing list