在Azure Cloud上安装了新的TYPO3 v10.4.8。设置:
在安装过程结束后,当我登录到TYPO3后端(https://mydomain.to/typo3)时,出现以下错误消息:
糟糕,发生了错误!
的引荐来源网址无效
/main
日志文件显示以下条目:
Sun, 13 Sep 2020 10:03:48 +0000 [CRITICAL] request="025e24a027590"
component="TYPO3.CMS.Core.Error.ProductionExceptionHandler": Core: Exception
handler (WEB): Uncaught TYPO3 Exception: #1588095936: Invalid referrer for /main
TYPO3\CMS\Core\Http\Security\InvalidReferrerException thrown in file
/var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/Security/
ReferrerEnforcer.php in line 104.
Requested URL: http://mydomain.to/typo3/index.php?route=%2Fmain&token=
--AnonymizedToken--&referrer-refresh=1599991429 - {"TYPO3_MODE":"BE","exception":
"TYPO3\\CMS\\Core\\Http\\Security\\InvalidReferrerException: Invalid referrer for
/main in /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/Security/ReferrerEnforcer.php:104\nStack trace:\n#0 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Http/
RouteDispatcher.php(104): TYPO3\\CMS\\Core\\Http\\Security\\ReferrerEnforcer->
handle(Array)\n
#1 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Http/RouteDispatcher.php(52): TYPO3\\CMS\\Backend\\Http\\RouteDispatcher->enforceReferrer(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#2 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Http/RequestHandler.php(94): TYPO3\\CMS\\Backend\\Http\\RouteDispatcher->dispatch(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#3 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/extbase/Classes/Middleware/SignalSlotDeprecator.php(49): TYPO3\\CMS\\Backend\\Http\\RequestHandler->handle(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#4 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php(172): TYPO3\\CMS\\Extbase\\Middleware\\SignalSlotDeprecator->process(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest), Object(TYPO3\\CMS\\Backend\\Http\\RequestHandler))\n
#5 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Middleware/SiteResolver.php(69): class@anonymous->handle(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#6 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php(172): TYPO3\\CMS\\Backend\\Middleware\\SiteResolver->process(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest), Object(class@anonymous))\n
#7 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Middleware/AdditionalResponseHeaders.php(41): class@anonymous->handle(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#8 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php(172): TYPO3\\CMS\\Backend\\Middleware\\AdditionalResponseHeaders->process(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest), Object(class@anonymous))\n
#9 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Middleware/OutputCompression.php(47): class@anonymous->handle(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#10 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php(172): TYPO3\\CMS\\Backend\\Middleware\\OutputCompression->process(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest), Object(class@anonymous))\n
#11 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Middleware/BackendUserAuthenticator.php(78): class@anonymous->handle(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
[...]
请求以HTTP形式到达服务器。我希望使用HTTPS。这可能是问题吗?
答案 0 :(得分:0)
我假设,如果Cloudflare执行SSL终止,则可能需要使用反向代理设置来配置TYPO3。请参阅安装工具中的[SYS][reverseProxy*]。该bug report具有更多详细信息。
您可以检查的另一件事:对于TYPO3 10.4.2,引入了“同源请求伪造”保护。一些代理服务器可能会删除HTTP Referer标头,这将有必要停用此保护机制。这可以通过使用安装工具的功能切换开关或根据部署技术禁用$GLOBALS['TYPO3_CONF_VARS']['SYS]['features'][‘security.backend.enforceReferrer’]来完成。有关详细信息,请参见Security Bulletin TYPO3-CORE-SA-2020-006。