You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In this case traefik changes the Content-Type so the security checks fail as the response is not as expected. In my case this is not a problem for my local dev environment but could be a problem in other circumstances as you should not expect traefik to change the Content-Type. The traditional router before traefik did not change anything.
Describe your solution
As mentioned in the traefik documentation this behavior can be disabled via middleware.
I suggest changing the autogenerated project traefik config file in the following way:
The middleware has than to be added to every router where this behavior should be disabled. I suggest disabling it in every router. This can be done this way:
Please provide instructions on how to test this (what the wrong file should look like, what webserver type do you use, and so on) because I couldn't reproduce it.
I could reproduce it when just created a fresh TYPO3 Install (Apache Webserver) and then in the Backend (Install Tool) under "Environment" and "Environment Status" I get the messages mentioned in my first post. After the changes I mentioned there there are no more unexpected server responses listed.
If you need any further information let me know, I'll respond when I'm back at home.
Is there an existing issue for this?
Is your feature request related to a problem?
I created a fresh Typo3 12 project and the install tool security check shows the following warnings:
Unexpected server response
https:// test.ddev.site/typo3temp/assets/29bd3687.tmp/c8059a1e.wrong: unexpected content-type text/html
Unexpected server response
https:// test.ddev.site/typo3temp/assets/29bd3687.tmp/c8059a1e.html.wrong: unexpected content-type text/html
As of the traefik documentation there is an auto-detection for the Content-Type which is enabled by default.
https://doc.traefik.io/traefik/middlewares/http/contenttype/
In this case traefik changes the Content-Type so the security checks fail as the response is not as expected. In my case this is not a problem for my local dev environment but could be a problem in other circumstances as you should not expect traefik to change the Content-Type. The traditional router before traefik did not change anything.
Describe your solution
As mentioned in the traefik documentation this behavior can be disabled via middleware.
I suggest changing the autogenerated project traefik config file in the following way:
Adding these lines at the top under http:
The middleware has than to be added to every router where this behavior should be disabled. I suggest disabling it in every router. This can be done this way:
This fixed the problem and all the security checks passed.
Describe alternatives
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: