For CSS added with vhs.asset config.compressCss does not work - typo3

I am trying to compress my CSS and JS files. For that I set the compressionLevel in the Install Tool to 9 for BE and FE, and I added the following TypoScript to my setup.txt in my template:
config.compressCss = 1
config.compressJs = 1
config.concatenateCss = 1
config.concatenateJs = 1
plugin.tx_vhs.settings.asset {
    fonts1 {
        type = css
        name = font1
        path = https://fonts.googleapis.com/css?family=Istok+Web:400,700
        standalone = 1
        external = 1
    }
    styles {
        type = css
        name = main-style
        path = EXT:my_template/Resources/Public/css/main.css
        standalone = 1
    }
}
Now some CSS files from extensions get compressed, but the one I add via vhs.asset does not get compressed at all.
Any idea why the compression does not work with the CSS (and JS) added via vhs.asset?

Although such an option exists in TYPO3 CMS, it is not the CMS's job, but rather the server's job (Apache, nginx, etc.).
So, if you have an nginx server, it can be done with the following configuration (and, probably, it is already turned on in /etc/nginx/nginx.conf):
gzip on;
gzip_comp_level 6;
gzip_types text/plain text/html text/xml text/css text/javascript application/json application/xml application/xml+rss application/x-javascript;
For Apache you need mod_deflate and the following lines in your .htaccess:
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xml+rss
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>
Benefits:
- separation of responsibilities: the server serves the assets, while the CMS provides them;
- more types can be compressed, not just CSS and JS;
- no matter how the assets are served - TS, VHS, just linked via link or style tags - they will always be compressed.
The size of the compressed data will be the same in both cases (of course, it also depends on the compression level set), because the same libraries and algorithms are used.

Try this to include your CSS / JS:
#-------------------------------------------------
# Distribution Configuration/TypoScript/setup.ts
#-------------------------------------------------
page = PAGE
page {
    # CSS files to be included
    includeCSS {
        myTemplate = EXT:my_template/Resources/Public/Css/main.css
    }
    # JS to be included (mind how other JS is included)
    # includeJSFooter is also very common
    includeJS {
        myTemplate = EXT:my_template/Resources/Public/JavaScript/script.js
    }
}
(ps: you do have to include your static template in this case)

Related

How to read MIME file

I need some help downloading email attachments from an S3 bucket; the emails are in MIME format. How can I read this email file and download the attachment? Any good source is appreciated too.
Content-Type: application/octet-stream;
    name="3c1bd1393c7543cd9f38c1ff26d474ab.snappy.parquet"
Content-Disposition: attachment;
    filename="3c1bd1393c7543cd9f38c1ff26d474ab.snappy.parquet"
Content-Transfer-Encoding: base64
Content-ID: <f_l6z42itv0>
X-Attachment-Id: f_l6z42itv0

security message after upgrade to 9.5.17

After upgrading to 9.5.17 I get the following security messages in the reports:
Server Response on static files:
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.html.wrong
unexpected content-type text/html
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.1.svg.wrong
unexpected content-type image/svg+xml
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.php.wrong
unexpected content PHP content
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.php.txt
unexpected content PHP content
What does this mean?
I inspected the folder /typo3temp/assets/ - there is no folder 43cd7f07.tmp
Thanks!
The error messages you are receiving are part of a security feature that has been integrated into recent TYPO3 v9.5.17 and v10.4.2 releases, see https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Feature-91354-IntegrateServerResponseSecurityChecks.html
Basically it means that your current server system
- is evaluating files like test.php.txt (.php not at the end of the filename) still as PHP content - this can cause a security vulnerability in case somebody manages to upload a similar file (which might be considered a text/plain file, but is actually executable PHP code)
  - potentially remote code execution
- is serving files like test.html.wrong (.html not at the end of the filename) still as text/html, which triggers the browser to execute HTML tags and potentially dangerous <script> tags
  - potentially cross-site scripting
Call for action
In case this is a live and in production server, you should adjust your web server configuration.
The fix is to limit those web server mime-type mappings only to those files having e.g. .html at the very end, as shown in this example for the Apache HTTP web server:
<FilesMatch ".+\.html?$">
    AddType text/html .html .htm
</FilesMatch>
Find more details and explanation in the TYPO3 security guidelines for server admins at https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/Security/GuidelinesAdministrators/Index.html#file-extension-handling
Update May 17th, 2020
https://gist.github.com/ohader/11d737de95895f8ca16495a8b7001c45 contains examples of how to adjust an .htaccess file in case settings cannot be changed on a (shared) hosting environment.
<IfModule mod_mime.c>
    RemoveType .html .htm
    <FilesMatch ".+\.html?$">
        AddType text/html .html
        AddType text/html .htm
    </FilesMatch>
    RemoveType .svg .svgz
    <FilesMatch ".+\.svgz?$">
        AddType image/svg+xml .svg
        AddType image/svg+xml .svgz
    </FilesMatch>
    RemoveHandler .php
    <FilesMatch ".+\.php$">
        # IMPORTANT: `php-fcgid` is used in THIS example
        # This most probably differs for each individual configuration
        SetHandler php-fcgid
        # SetHandler php-script
        # SetHandler application/x-httpd-php
    </FilesMatch>
</IfModule>
The current handler identifier php-fcgid was identified for the example above using a phpinfo(); and searching for $_SERVER[REDIRECT_HANDLER]:
$_SERVER['REDIRECT_HANDLER'] php-fcgid
For shared hosting it can be quite hard to find out the correct handler for PHP.
Some specialty for 1&1 Ionos, might even be special to this particular shared hosting package:
Shared hosting with PHP 7.3 (confirmed in phpinfo), but $_SERVER['REDIRECT_HANDLER'] gives "x-mapp-php5" (not sure why; it could be that the hosting has been running for many years and was upgraded to PHP 7 and they somehow alias it for whatever reason).
The working solution for me was:
<IfModule mod_mime.c>
    RemoveType .html .htm
    <FilesMatch ".+\.html?$">
        AddType text/html .html
        AddType text/html .htm
    </FilesMatch>
    RemoveType .svg .svgz
    <FilesMatch ".+\.svgz?$">
        AddType image/svg+xml .svg
        AddType image/svg+xml .svgz
    </FilesMatch>
    RemoveHandler .php
    RemoveType .php
    <FilesMatch ".+\.php$">
        AddType x-mapp-php5 .php
        AddHandler x-mapp-php5 .php
    </FilesMatch>
</IfModule>
I had to remove both the handler/type and add them again within the FilesMatch.
Took me quite a while to get this working, hope this helps.
For host-europe $_SERVER['REDIRECT_HANDLER'] was empty, PHP 7.4:
<IfModule mod_mime.c>
    ....
    RemoveHandler .php
    RemoveType .php
    <FilesMatch ".+\.php$">
        # only this handler seems to work
        AddType application/x-httpd-php .php
        AddHandler application/x-httpd-php .php
    </FilesMatch>
</IfModule>
The following solution was recommended to me by the support team of ALL-INKL.COM.
I had to contact them, because the remove statements (RemoveHandler .php) did not work.
<FilesMatch "\.(php[0-9,x]*|phtml)\.">
    SetHandler text/plain
</FilesMatch>
Thanks to the ALL-INKL.COM-Support-Team
Here is some Domainfactory speciality.
Mind the ForceType directive (set your specific PHP version there). If not used, its webserver would still use mimetype-sniffing.
To be used at the bottom of the newest .htaccess template (10.4, 9.5), which already includes the strict handling for .svg[z]/.htm[l]:
# DomainFactory-special:
# 1) remove mimetype-sniffing anything for PHP
# 2) force PHP 7.3 mimetype on .php files
<IfModule mod_mime.c>
    RemoveType .php
    <FilesMatch ".+\.php$">
        ForceType application/x-httpd-php73
    </FilesMatch>
</IfModule>
This works for JWEILAND, WEBGO and PHP:
<IfModule mod_mime.c>
    RemoveHandler .php
    RemoveType .php
    <FilesMatch ".+\.php$">
        SetHandler application/x-httpd-php
        AddType application/x-httpd-php .php
        AddHandler application/x-httpd-php .php
    </FilesMatch>
</IfModule>
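
The multi-extension behaviour these answers work around, as an added example that is not part of the original posts: a small Python model of how mod_mime derives a type and handler from every dot-separated extension, run over the four probe names from the report, first with global mappings and then with the FilesMatch-restricted ones. The extension maps are constructed for illustration, and php-fcgid is only the handler name used in the first answer's example.

```python
import re

# Constructed maps modelling a permissive mod_mime setup (assumption, not
# taken from any real server): extension -> media type / handler.
TYPES = {"html": "text/html", "htm": "text/html", "svg": "image/svg+xml",
         "svgz": "image/svg+xml", "txt": "text/plain"}
HANDLERS = {"php": "php-fcgid"}

# Hardened variant: RemoveType/RemoveHandler drop the global mapping and
# <FilesMatch> re-adds it only when the extension ends the filename.
GUARDS = {"html": r".+\.html?$", "htm": r".+\.html?$", "svg": r".+\.svgz?$",
          "svgz": r".+\.svgz?$", "php": r".+\.php$"}


def resolve(filename, hardened=False):
    """Return (content_type, handler) the way mod_mime would derive them."""
    ctype = handler = None
    # Every dot-separated extension is considered, left to right; the
    # rightmost match wins for each kind of metadata.
    for ext in filename.lower().split(".")[1:]:
        guard = GUARDS.get(ext)
        if hardened and guard and not re.search(guard, filename):
            continue  # mapping only exists inside the FilesMatch section
        ctype = TYPES.get(ext, ctype)
        handler = HANDLERS.get(ext, handler)
    return ctype, handler


def audit(filenames, hardened=False):
    """Flag names whose non-final extension still selects a type or handler."""
    findings = {}
    for name in filenames:
        ctype, handler = resolve(name, hardened)
        last = name.lower().rsplit(".", 1)[-1]
        if handler and last not in HANDLERS:
            findings[name] = f"executed by {handler}"
        elif ctype and TYPES.get(last) != ctype:
            findings[name] = f"served as {ctype}"
    return findings


# The four probe names from the report quoted in the question.
PROBES = ["2500f854.html.wrong", "2500f854.1.svg.wrong",
          "2500f854.php.wrong", "2500f854.php.txt"]

if __name__ == "__main__":
    for label, flag in (("global mappings", False), ("FilesMatch only", True)):
        print(label, audit(PROBES, hardened=flag))
```

With global mappings all four probe names are flagged; with the FilesMatch-restricted mappings none are, while a plain index.php still reaches the PHP handler.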

Email Attachments w/ base64 Encoding on Rhat

I am migrating from an old HP-UX box to a new Rhat box. Our ERP emailer program saves the email (including MIME headers) as "Email_msg_port.html" and the attachment in the user's home dir. No problem so far.
The emailer then issues the following command:
(cat Email_msg_8.html ; base64 /home/johnsmith/APMS9010.txt) | sendmail -t
The email itself is fine, but the attachment is always empty (though it says it is about 300 bytes).
My MIME header looks like this:
MIME-Version: 1.1
From: myEmail#myCompany.com
To: myEmail#myCompany.com
Subject: APMS9010.1 - Download Top Vendor Purchase - LIVE.DATA
Content-Type: multipart/mixed; boundary="_boundarystring"
This is a multi-part message in MIME format.
--_boundarystring
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: binary
Content-Disposition: inline
Content-Base: "http://myCompany.com/";
I have tried Content-Transfer-Encoding: binary (and 7bit)
Is my MIME stuff wrong, the base64 command wrong, both, or something else?
Thanks

installed mod_deflate but no improvement

I have installed mod_deflate on CentOS. In the virtual host file I have added the following:
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
DeflateFilterNote Input input_info
DeflateFilterNote Output output_info
DeflateFilterNote Ratio ratio_info
LogFormat '"%r" %{output_info}n/%{input_info}n (%{ratio_info}n%%)' deflate
CustomLog /var/log/httpd/deflate_log deflate
It shows the compression in the log as well, but it is not showing an improvement in page loading time.
Please guide for the same.
If it's still not working, a possible reason is that you have not included this
LoadModule deflate_module modules/mod_deflate.so
in Apache's
httpd.conf

Open a Configuration Profile through app

I have a .mobileconfig file at a URL. I am sending an HTTP POST from Xcode (when a button is clicked); the HTTP POST contains the .mobileconfig URL. Can I download that file when the button is clicked?
When it comes to serving up this file, it needs to be served up with a MIME Content-Type of application/x-apple-aspen-config. You may be able to do this by adding a line to your server's configuration or .htaccess file in the folder with:
<IfModule mod_mime.c>
    AddType application/x-apple-aspen-config .mobileconfig
</IfModule>
If serving the file from within PHP, you may do something like:
header('Content-type: application/x-apple-aspen-config; charset=utf-8');
header('Content-Disposition: attachment; filename="company.mobileconfig"');
echo $mobileconfig;
Small correction: that is not "chatset", it is Charset. Be sure which charset you want:
header('Content-type: application/x-apple-aspen-config; Charset=utf-8');
header('Content-Disposition: attachment; filename="company.mobileconfig"');
echo $mobileconfig;