1

在 Azure 云上安装新的 TYPO3 v10.4.8。设置:

  • Ubuntu 版本 20.4
  • PHP 版本 7.3
  • Cloudflare DNS 和 SSL

在安装过程之后,当我登录到 TYPO3 后端 ( https://mydomain.to/typo3 ) 时,我收到以下错误消息:

糟糕,发生错误!
无效的推荐人/main

日志文件显示以下条目:

Sun, 13 Sep 2020 10:03:48 +0000 [CRITICAL] request="025e24a027590"
component="TYPO3.CMS.Core.Error.ProductionExceptionHandler": Core: Exception
handler (WEB): Uncaught TYPO3 Exception: #1588095936: Invalid referrer for /main
TYPO3\CMS\Core\Http\Security\InvalidReferrerException thrown in file
/var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/Security/
ReferrerEnforcer.php in line 104.
Requested URL: http://mydomain.to/typo3/index.php?route=%2Fmain&token=
--AnonymizedToken--&referrer-refresh=1599991429 - {"TYPO3_MODE":"BE","exception":
"TYPO3\\CMS\\Core\\Http\\Security\\InvalidReferrerException: Invalid referrer for
/main in /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/Security/ReferrerEnforcer.php:104\nStack trace:\n#0 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Http/
RouteDispatcher.php(104): TYPO3\\CMS\\Core\\Http\\Security\\ReferrerEnforcer->
handle(Array)\n
#1 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Http/RouteDispatcher.php(52): TYPO3\\CMS\\Backend\\Http\\RouteDispatcher->enforceReferrer(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#2 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Http/RequestHandler.php(94): TYPO3\\CMS\\Backend\\Http\\RouteDispatcher->dispatch(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#3 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/extbase/Classes/Middleware/SignalSlotDeprecator.php(49): TYPO3\\CMS\\Backend\\Http\\RequestHandler->handle(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#4 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php(172): TYPO3\\CMS\\Extbase\\Middleware\\SignalSlotDeprecator->process(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest), Object(TYPO3\\CMS\\Backend\\Http\\RequestHandler))\n
#5 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Middleware/SiteResolver.php(69): class@anonymous->handle(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#6 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php(172): TYPO3\\CMS\\Backend\\Middleware\\SiteResolver->process(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest), Object(class@anonymous))\n
#7 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Middleware/AdditionalResponseHeaders.php(41): class@anonymous->handle(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#8 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php(172): TYPO3\\CMS\\Backend\\Middleware\\AdditionalResponseHeaders->process(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest), Object(class@anonymous))\n
#9 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Middleware/OutputCompression.php(47): class@anonymous->handle(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
#10 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php(172): TYPO3\\CMS\\Backend\\Middleware\\OutputCompression->process(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest), Object(class@anonymous))\n
#11 /var/www/typo3_sources/typo3_src-10.4.8/typo3/sysext/backend/Classes/Middleware/BackendUserAuthenticator.php(78): class@anonymous->handle(Object(TYPO3\\CMS\\Core\\Http\\ServerRequest))\n
[...]

请求以 HTTP 形式到达服务器。我期待HTTPS。这可能是问题吗?

4

1 回答 1

1

我假设如果 Cloudflare 执行 SSL 终止,您可能需要使用反向代理设置配置 TYPO3。请参阅[SYS][reverseProxy*]安装工具。此错误报告有更多详细信息。

您可以检查的另一件事:TYPO3 10.4.2 引入了同源请求伪造保护。某些代理服务器可能会删除 HTTP Referer 标头,这将需要停用此保护机制。这可以通过禁用$GLOBALS['TYPO3_CONF_VARS']['SYS]['features'][‘security.backend.enforceReferrer’]安装工具的功能切换或相应的部署技术来完成。有关详细信息,请参阅安全公告 TYPO3-CORE-SA-2020-006

于 2020-09-15T06:52:31.307 回答