I built an extension and a plugin where frontend-users can edit their profile but I noticed a critical issue:
Under "Edit profile", users could see the full information about another user who wasn't even logged in. Apparently the form was a cached on the server because after adding:
config.no_cache = 1
it didn't happen again. Now the issue is that indexing is disable on the whole website.
Is there a way to disable caching only for this specific extension / plugin ?
You should have something like this in your ext_localconf.php :
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
$_EXTKEY,
'List',
array('User' => 'list,editProfil'),
array('User' => 'editProfil') // Uncached actions
);
Here is where it is explained : https://docs.typo3.org/typo3cms/ExtbaseFluidBook/4-FirstExtension/7-configuring-the-plugin.html
If you want this to only apply on specific pages or be controllable by integrators, you can override the TS rendering instruction for the object:
tt_content.list.20.YOURLISTTYPEHERE = USER_INT
Or if you registered it as a custom CType:
tt_content.YOURCTYPEHERE.20 = USER_INT
The above should work for fluid_styled_content and css_styled_content.
It is almost never advisable to use config.no_cache = 1 since this disables a lot of things other than just caching, as you found out. It also disables all caching for the entire page and it is almost always better for performance to only make the specific plugin not cacheable - and if possible, only do so on pages where the plugin gets used to render views which should not be cached.
Be careful if you do end up needing to cache some parts of your view. It isn't a silver bullet in terms of security, but it is a good start to always include the user's ID (and possibly other things from the authentication as well) in any cache identifiers. And try not to store sensitive information in caches at any point, including code where you output things like the user's name.
Related
i defined a hook in ext_localconf.php:
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_content.php']['typoLink_PostProc']['titleTagsInHiddenText'] = SNM\StmwiAccessibility\ExtendTypolink::class . '->convertTitleInHiddenText';
This hook will be executed on every link on the page, on all pages of all sites. This could be a performance killer ...
So, is there a possibility to restrict the use of the hook to the actual page? Is it possible to get the current site in ext_localconf.php?
e.g.:
$currentSite = ????;
if ($currentsite = 'rootPidOfMySite') {
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']
}
This question rises in other contexts too: i often want to restrict the performance consuming configuration of extensions to one single site. I can do it with the static setup file but not with the stuff in ext_localconf.php.
Thanks!
Which TYPO3 version do you use? There is an API to access the site configuration. I'd say you need to register PSR-15 middleware and then you can access the site configuration. More details can be found in the documentation.
I have an installation of TYPO3, it's made by the introduction bundle and the bootstrap_package. According to an issue on github (bootstrap_package) concerning custom styles, I add the code
page.includeCSS {
mycustomstyles = fileadmin/custom.css
}
to the setup section of the template (I'm not a TYPO3 pro obviously).
That works, but after a while (even after doing nothing over the night) this CSS file is not linked anymore. Then I have to flush the caches to get it back working.
Why?
To make sure that you are able to track down that css file from your browser console, add this to your page setup:
config.compressCss = 0
config.concatenateCss = 0
Also, where did you include that typoscript? For starters, it should be in the page template setup for your root page, so it can take effect over all the child pages.
In case this is an actual caching issue you could disable the cache with
config.cache = 0
and see if the problem persists.
GWT is used and the application is deployed on WebLogic using HTTPS.
The performance is poor and with F12 Developer Tools, we could see that blank.html is downloaded multiple times. This is clearly related to GWT but we have not been able to figure out why.
The following is from javascript:
defineSeed(2613, 2614, makeCastMap([Q$BaseModelData, Q$ModelData, Q$Theme, Q$Serializable]), Slate_0);
var SLATE;
function $clinit_GXT(){
$clinit_GXT = nullMethod;
IMAGES = new XImages_generatedBundle_0;
MESSAGES = new XMessages__0;
SSL_SECURE_URL = getModuleBaseURL() + 'blank.html';
}
This is from GWT.java:
/**
* URL to a blank file used by GXT when in secure mode for iframe src to
* prevent the IE insecure content. Default value is 'blank.html'.
*/
public static String SSL_SECURE_URL = GWT.getModuleBaseURL() + "blank.html";
Does anyone know under what circumstances blank.html is called?
Thanks!
This is from GWT.java:
This is actually from GXT.java.
This is used in a few cases when creating an <iframe> element, so that IE won't give errors if your site is hosted from SSL. I can actually only find one case (as of GXT 3.1.1) which uses this, in Layer.java. Only IE pages loaded from https urls will make use of this.
The Layer class uses this as a "shim", a way to prop up some DOM elements above overs, and work around some browser bugs (typically plugin or iframe related). Menus and popup dialogs use this to ensure that they don't appear "underneath" content that they should be "above".
This file is very small - just enough HTML to convince IE than the iframe has correctly loaded, and no more. It never changes, and should load nearly instantly.
As far as performance goes, this should only happen when a Menu or Window/Dialog/Tooltip is shown - these shouldn't be happening on app startup usually, at least not more than a window or two. Additionally, the browser should recognize that it is loading the same element and cache it correctly, and not load it multiple times (though it might be listed several times as hitting the cache). If the server has instructed the browser to never cache the file, that is something you should look at changing.
In short, this is very unlikely to be the cause of any performance issues, at least in GXT itself. If somehow you have the shim enabled on every single widget in your project, this should not be required. If the file is loading slowly, something may be very wrong with your server configuration.
For reference, here is the entire file:
<html></html>
I set config.disableAllHeaderCode = 1 in my recent TYPO3 sites, as I want full control over the page template.
But this not only throws out the html tag etc., but also the default Js (which could be used to uncrypt mailto-Links.
One solution would be to copy this TYPO3-generated JS from the core code and insert it manually. Very simple: just set config.disableAllHeaderCode = 0, load the page once, copy the js, done. But, in case of an update or settings change, this might break.
So: is it possible to access this "default JS" via typoscript and assign it to the PAGE object?
Have a look at https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/frontend/Classes/Page/PageGenerator.php. You will see that the spam protection code is hardcoded and only added to the page output if config.disableAllHeaderCode is not set.
Therefore I don't see a possibility to do that. Therefore the answer seems to be no, unless you XCLASS the PageGenerator. I would just copy the JavaScript code; I'm using TYPO3 for some years now and wouldn't remember that the spam protection code ever changed.
There is a solution I think. Go to /typo3/sysext/cms/tslib/templates. There is a file tslib_page_frontend.html. This file is responsible for rendering the whole page including the head. You can define a new path to the above mentioned file. For example set the following code:
config.pageRendererTemplateFile = PATH_TO_YOUR_THEME//Resources/Private/Core/tslib_page_frontend.html
respectively
page.config.pageRendererTemplateFile = PATH_TO_YOUR_THEME//Resources/Private/Core/tslib_page_frontend.html
The new template file can look like the following small snippet:
###JS_INLINE###
###BODY###
That way the inline JS is still rendered (and I think the spam protections JS is inline JS - which can be stored in external files).
I'm making an iPhone version of an existing Rails app. I'd like to make the mobile version accessible via a subdomain such as iphone.mysite.com.
I know I can use formats and the respond_to block for individual erb files, such as index.iphone.erb as show here:
Creating an iPhone optimised version of your Rails site using iUI and Rails 2
But I'd like to keep entirely separate view directories for the mobile version and regular version such as this:
app/views/iphone
Here's what I've tried in my Application controller:
class ApplicationController < ActionController::Base
before_filter :set_site
def set_site
subdomain=self.request.subdomains[0]
ActionController::Base.prepend_view_path("app/views/#{subdomain}")
end
When testing this, however, the view switches to the view associated with the last requested subdomain by any user.
For example, if I visit http://iphone.mysite.com, then immediately go to http://www.mysite.com in another separate browser, I see the mobile version instead of the regular one. Refreshing it will correct this and bring up the right version. But if I go back to http://iphone.mysite.com in the other browser and refresh, it brings up the non-mobile site! I'm tearing my hair out and not understanding what's going on.
Any advice would be much appreciated.
Edit 1
Vlad below found a link with a possible solution however it is not working for me. Here is the code I tried. I made a file called subdomain_view.rb and placed it in config/initializers:
# Put all of this in a bootstrap-only initializer
ActionController::Base.class_eval do
APP_ONE_VIEW_PATH = "app/views/iphone"
APP_TWO_VIEW_PATH = "app/views/default"
cattr_accessor :application_view_path
self.view_paths = ["app/views", APP_ONE_VIEW_PATH, APP_TWO_VIEW_PATH]
# This is where you determine the switching mechanism for your application. Here, it is a simple GET parameter.
# You can probably argue that this specific piece SHOULD be in your actual app_controller class definition, as it is the only piece
# of info pertinent to the rest of your application.
before_filter do |controller|
ActionController::Base.application_view_path = request.subdomains[0]=="iphone" ? APP_TWO_VIEW_PATH : APP_ONE_VIEW_PATH
end
end
require 'aquarium'
ActionView::PathSet.class_eval do
include Aquarium::DSL
before :find_template do |join_point, object, *args|
object.each_with_index do |path,i|
object.unshift(object.delete_at(i)) if path.to_s == ActionController::Base.application_view_path
end
end
end
# I'll leave the exercise of testing this or implementing it for your particular app up to you.
With the above code, I am getting the same view no matter what subdomain I put in. Any suggestions on what might be wrong? Am I putting this code in the wrong place?
First, you have an error in your approach. You only 'set' a view path, you don't 'unset' it. When you do something like
ActionController::Base.prepend_view_path
this actually persists between your requests (internally, you are setting a class variable, and because classes are cached in production, this variable remains set between requests). Therefore, the current view path is the view path of your last request.
IMO, you should dynamically compute view_path for your current subdomain (this implies some ActionView hacking). A nice solution is provided here.
I was able to solve the problem by using a gem called themes_for_rails:
https://github.com/lucasefe/themes_for_rails
After installing the gem, here's what I added to my application files:
#application_controller.rb
class ApplicationController < ActionController::Base
theme :theme_resolver
def theme_resolver
current_subdomain=self.request.subdomains[0]
end
end
#routes.rb
MyAppName::Application.routes.draw do
themes_for_rails
end
#Gemfile
gem 'themes_for_rails'
I placed my themes in [application_root]/themes. Make sure you don't put it in [application_root]/app/themes.