Disable Traefik Content-Type auto-detection #5346

Closed
1 task done
lucaslohne opened this issue Sep 18, 2023 · 3 comments
@lucaslohne

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem?

I created a fresh TYPO3 12 project and the install tool security check shows the following warnings:

Unexpected server response
https:// test.ddev.site/typo3temp/assets/29bd3687.tmp/c8059a1e.wrong: unexpected content-type text/html

Unexpected server response
https:// test.ddev.site/typo3temp/assets/29bd3687.tmp/c8059a1e.html.wrong: unexpected content-type text/html

According to the Traefik documentation, there is an auto-detection for the Content-Type which is enabled by default.
https://doc.traefik.io/traefik/middlewares/http/contenttype/

In this case traefik changes the Content-Type so the security checks fail as the response is not as expected. In my case this is not a problem for my local dev environment but could be a problem in other circumstances as you should not expect traefik to change the Content-Type. The traditional router before traefik did not change anything.

Describe your solution

As mentioned in the traefik documentation this behavior can be disabled via middleware.

I suggest changing the autogenerated project traefik config file in the following way:

Adding these lines at the top under http:

http:    
    middlewares:
        autodetect:  
            contentType:  
                autoDetect: false

The middleware then has to be added to every router where this behavior should be disabled. I suggest disabling it in every router. This can be done this way:

test-web-80-http:
  rule: HostRegexp(`test.ddev.site`)
  middlewares:
    - autodetect
  service: "test-web-80-http"
  tls: false
  entrypoints:
    - http-80

This fixed the problem and all the security checks passed.

Describe alternatives

No response

Additional context

No response
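
The header rewrite described in this issue can be reproduced without Traefik. The following is an added example, not code from the issue, DDEV or Traefik: it uses Go's standard-library reverse proxy as a stand-in for the router, and the backend response, request path and function name are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// observedContentType sends one request through a Go reverse proxy to a
// constructed backend that returns HTML-looking bytes for an unknown file
// extension WITHOUT a Content-Type header, and returns the Content-Type
// the client ends up seeing.
func observedContentType(autoDetect bool) (string, error) {
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header()["Content-Type"] = nil // backend deliberately sends no type
		fmt.Fprint(w, "<!DOCTYPE html><html><body>probe</body></html>")
	}))
	defer backend.Close()

	target, err := url.Parse(backend.URL)
	if err != nil {
		return "", err
	}
	proxy := httputil.NewSingleHostReverseProxy(target)
	front := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !autoDetect {
			// A nil entry tells net/http not to sniff the body. A type sent
			// by the backend is still appended to it and passed through.
			w.Header()["Content-Type"] = nil
		}
		proxy.ServeHTTP(w, r)
	}))
	defer front.Close()

	// Constructed path with an extension no server maps to a MIME type.
	resp, err := http.Get(front.URL + "/typo3temp/assets/example.tmp/probe.wrong")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	return resp.Header.Get("Content-Type"), nil
}

func main() {
	for _, on := range []bool{true, false} {
		ct, err := observedContentType(on)
		fmt.Printf("autoDetect=%v content-type=%q err=%v\n", on, ct, err)
	}
}
```

With sniffing left on, the proxy labels the untyped response from its first bytes; with it off, the client sees the response exactly as the backend typed it, which here means no Content-Type at all.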

@stasadev
Member

stasadev commented Dec 18, 2023

@lucaslohne,

Please provide instructions on how to test this (what the wrong file should look like, what webserver type do you use, and so on) because I couldn't reproduce it.

I opened a PR for this:

@lucaslohne
Author

@stasadev

I could reproduce it when I just created a fresh TYPO3 install (Apache webserver), and then in the Backend (Install Tool) under "Environment" and "Environment Status" I get the messages mentioned in my first post. After the changes I mentioned there, there are no more unexpected server responses listed.

If you need any further information let me know, I'll respond when I'm back at home.

@stasadev
Member

@lucaslohne thanks, I can reproduce it now.

Please check the artifacts from #5647 (comment) when you get a chance.
