If I add noCacheHash="1" to link.action I can deactivate cHash:
<f:link.action action="show" pageUid="43" arguments="{record:record.uid}" noCacheHash="1">{record.name}</f:link.action>
/?tx_abc_abc[record]=1&tx_abc_abc[action]=show&tx_abc_abc[controller]=Abc
But when trying to access a record I get the following error:
Uncaught TYPO3 Exception
#1509296606: Failed to fetch error page "domain/index.php?id=72", reason: Client error: `GET domain/index.php?id=72` resulted in a `401 Unauthorized` response: <script>window.location.href='domain/access-denied/';</script><noscript>Error 401 - Access Deni (truncated...)
20 TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController::pageErrorHandler("domain/index.php?id=72", "HTTP/1.0 404 Not Found", "Request parameters could not be validated (&cHash empty)")
How can I access the record properly when deactivating cHash?
This is not cause with noCacheHash parameters. I think you set special permission for pageID(43). So, this page is not access for this record.
So, First check this page access permission.
Related
I'm trying to use the Google API Client to gain access to a Google Doc. I get the following error:
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://docs.googleapis.com/v1/documents/1Dc82X_w8UsyZnJe5JEh4E0wNdfbw-_nhVWXwgEJ4HVg?alt=json returned "The caller does not have permission". Details: "The caller does not have permission">
The error comes up in the file extract_text.py, which I got from here: https://developers.google.com/docs/api/samples/extract-text
Specifically, the error shows up at this line when it's obtaining the document's ID:
doc = docs_service.documents().get(documentId=documentID).execute()
The error states that my request has invalid authentication credentials (https://cloud.google.com/asset-inventory/docs/faq). I have made sure that I setup the OAuth correctly.
I would like to know if the 'XMLHttpRequest Error' thrown by http package is always due to missing CORS policy header?
The expection thrown in this instance is of Type ClientException - the only things that I can read is the message (XMLHttpRequest Error) and uri. So how would I know it is because of the above.
I get intermittent(and infrequent) errors in the logs, and the CORS policy header is correctly set on the server.
I want to rule out any other causes of XMLHttpRequest Error. Any ideas?
In a TYPO3 9.5.3 demo installation I see multiple errors in the log looking this:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1518472189: The requested page does not exist
... and attempts to access sites (which don't exist) like this:
typo3_src-9.5.3:
Requested URL: http://demo.domain/ultxswkov.html
typo3_src-9.5.1:
Requested URL: http://demo.domain/hpwymspohv.html
Requested URL: http://demo.domain/txlkcgnaet.html
Requested URL: http://demo.domain/contact.php
Requested URL: http://demo.domain/kontakt.html
Requested URL: http://demo.domain/kontakt.htm
Requested URL: http://demo.domain/kontakt
Requested URL: http://demo.domain/contact-us.html
Requested URL: http://demo.domain/contacts.htm
Requested URL: http://demo.domain/contacts.html
...
In all my v.8 installations I never had such log errors. I assume somebody tries to access thoses sites? (For this specific domain I don't have a ssl certificate yet) What's the best practice to do now?
It seems that error 404 was not logged in TYPO3 8.x into sys_log. Atleast with default configuration. You can check the apache error log to see what happend in the past (with TYPO3 8.x). You should see many similar 404 errors there.
Every website in the internet has evil bots as visitors, so its nothing special with TYPO3 9.x.
The question "no additional security precaution needed?" is hard to answer. As long as your installation is secure, there is no problem.
Security Guidelines: https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
I use the official example but didn't get it to work. It returned this error:
Fatal error: Uncaught OAuthException: This IP can't make requests for that application. thrown in mylinl/etc../base_facebook.php on line 1336
You should go to the App Settings—Advanced and put your IP to "Server IP Whitelist" field.
Getting the following error setting up ACS/Facebook integration:
HTTP Error Code: 502 Message: ACS40000: An error occurred while
processing a Facebook sign-in response. This may be caused by invalid
configuration of the Facebook application. Inner Message: ACS40001:
An error occurred while attempting to get an access token from
Facebook. Inner Message: ACS90005: Web exception Trace ID:
988ec1a7-e02b-4dcf-abab-51812745a121 Timestamp: 2011-07-12 19:59:51Z
I've verified that App ID, App Secret, Site URL and Site Domain have all been set.
For Site Url, we're using https://project.accesscontrol.windows.net
For Site Domain, we're using project.accesscontrol.windows.net
I'm using the following as a guideline:
http://blogs.objectsharp.com/cs/blogs/steve/archive/2011/04/21/windows-azure-access-control-services-federation-with-facebook.aspx?CommentPosted=true#commentmessage
http://www.leastprivilege.com/AccessControlServiceV2AndFacebookIntegration.aspx
Any ideas would be appreciated.
Just checked my (working) settings. Differences I see:
I did not enter a Site Domain over at Facebook
On the ACS side, I have "Application permissions" set to "email" (not sure if you have something entered there?)