TYPO3:禁用特定插件/扩展的缓存

时间:2017-08-04 11:12:31

标签: typo3 typoscript fluid extbase

我构建了一个扩展程序和插件,前端用户可以编辑他们的个人资料,但我注意到一个关键问题:

在“编辑个人资料”下,用户可以看到有关未登录的其他用户的完整信息。显然,该表单已缓存在服务器上,因为添加后:

config.no_cache = 1

它没有再次发生。现在问题是在整个网站上禁用索引。

有没有办法只为这个特定的扩展/插件禁用缓存?

2 个答案:

答案 0 :(得分:5)

您的ext_localconf.php

应该有类似的内容
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
        $_EXTKEY,
        'List',
        array('User' => 'list,editProfil'),
        array('User' => 'editProfil') // Uncached actions
);

以下是解释的地方:https://docs.typo3.org/typo3cms/ExtbaseFluidBook/4-FirstExtension/7-configuring-the-plugin.html

答案 1 :(得分:2)

If you want this to only apply on specific pages or be controllable by integrators, you can override the TS rendering instruction for the object:

tt_content.list.20.YOURLISTTYPEHERE = USER_INT

Or if you registered it as a custom CType:

tt_content.YOURCTYPEHERE.20 = USER_INT

The above should work for fluid_styled_content and css_styled_content.

It is almost never advisable to use config.no_cache = 1 since this disables a lot of things other than just caching, as you found out. It also disables all caching for the entire page and it is almost always better for performance to only make the specific plugin not cacheable - and if possible, only do so on pages where the plugin gets used to render views which should not be cached.

Be careful if you do end up needing to cache some parts of your view. It isn't a silver bullet in terms of security, but it is a good start to always include the user's ID (and possibly other things from the authentication as well) in any cache identifiers. And try not to store sensitive information in caches at any point, including code where you output things like the user's name.