Commit a94b7b5f authored by Benjamin Franzke, committed by Benni Mack

[FEATURE] Make backend URL configurable

The TYPO3 Backend URL is made configurable in order to enable optional
protection against application admin interface infrastructure
enumeration (WSTG-CONF-05). Both frontend and backend requests are
now handled by the PHP script `/index.php` to enable virtual admin
interface URLs.

The default TYPO3 Backend entrypoint path `/typo3` can be changed by
specifying a custom URL path or domain name in
`$GLOBALS['TYPO3_CONF_VARS']['BE']['entryPoint']`.

This change requires web server adaption. A silent migration and
according documentation for custom web server configurations is added.
A deprecation layer (for non-adapted systems) is in place that rewrites
the server environment variables passed to `/typo3/index.php` as if
`/index.php` was used directly. This layer will be removed in TYPO3 v14.

This change does not take assets into account, only routing is adapted.
That means composer mode will use assets provided via _assets as before
and TYPO3 classic mode will serve backend assets from /typo3/* even if
another backend URL is used and configured.

In composer mode there is an additional opt-out for the installation of
the legacy entrypoint that can be defined in composer.json:

  "extra": {
    "typo3/cms": {
      "install-deprecated-typo3-index-php": false
    }
  }

The application flow is slightly adapted by moving common middlewares
into a separate core middleware chain. This chain is dispatched by a
distinct core HTTP application (which is invoked by index.php).
These middlewares are suitable for proxy determination or generic
access control – basically everything not needed for subrequests.
The core HTTP request handler then decides whether the request is to be
routed to the frontend or backend application. Frontend and backend
applications are still designed to work independently with a plain
PSR-7 Server Request in order for sub requests from backend to frontend
(or vice versa) to work.

The following diagram outlines the new application workflow including
flow of possible sub requests (not yet used from backend to frontend,
but it shows how they are intended to be invoked):

                         +-------------------+
                         |                   |
                         |  Core HTTP        |
                         |  Application      |
                         |                   |
                         +---------+---------+
                                   |
                                   |
                                   v
                         +---------+---------+
                         |                   |
                         |  Core HTTP        |
                         |  Middlewares      |
                         |                   |
                         +---------+---------+
                                   |
                                   |
                                   v
                         +---------+---------+
                         |                   |
                         |  Core HTTP        |
           +-------------+  Request Handler  +--------------+
           |             |                   |              |
           |             +-------------------+              |
           |                                                |
           v                                                v
  +--------+----------+                           +---------+---------+
  |                   | (Sub Request)             |                   |
  |  Frontend HTTP    +<-------------+            |  Backend HTTP     |
  |  Application      +<-----------+ |            |  Application      |
  |                   |            | |            |                   |
  +---------+---------+            | |            +---------+---------+
            |                      | |                      |
            |                      | |                      |
            v                      | |                      v
  +---------+---------+            | |            +---------+---------+
  |                   |            | |            |                   |
  |  Frontend HTTP    |            | |            |  Backend HTTP     |
  |  Middlewares      |            | |            |  Middlewares      |
  |                   |            | |            |                   |
  +---------+---------+            | |            +---------+---------+
            |                      | |                      |
            |                      | |                      |
            v                      | |                      v
  +---------+---------+            | |            +---------+---------+
  |                   |            | |            |                   |
  |  Frontend HTTP    |            | |            |  Backend HTTP     |
  |  Request Handler  |            | |            |  Request Handler  |
  |                   |            | |            |                   |
  +---------+---------+            | |            +---------+---------+
            |                      | |                      |
            |                      | |                      |
            v                      | |                      v
  +---------+---------+            | |            +---------+---------+
  |                   |            | |            |                   |
  |  TypoScript       |            | |            |  Backend Route    |
  |  Frontend         +------------+ |            |  Dispatcher       |
  |  Controller       |              |            |                   |
  |                   |              |            +---------+---------+
  +-------------------+              |                      |
                                     |                      |
                                     |                      v
                                     |            +---------+---------+
                                     |            |                   |
                                     |            |  Backend          |
                                     +------------+  Controller       |
                                                  |                   |
                                                  +-------------------+

Commands executed:
  # For changes in https://github.com/TYPO3/testing-framework/pull/533
  composer req --dev "typo3/testing-framework":"dev-main"

Resolves: #87889
Releases: main
Change-Id: I3c96d4d7c58f08ed302ee35eb75d28afbf77686a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74366

Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
parent 96d8a59c
Showing 234 additions and 88 deletions
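
The routing decision described in the commit message, sketched as an added example (not code from this commit or from TYPO3 core): a hypothetical `resolveApplication()` helper takes the configured `entryPoint` value, in path or domain form, and decides whether a request belongs to the backend or the frontend application. The function name, the sample hosts and paths, and the segment-boundary matching are assumptions; the legacy `/typo3/index.php` deprecation layer and asset paths are not modelled.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper, not TYPO3 core code. $entryPoint is either a URL
 * path ("/typo3") or a full URL carrying a domain name. $requestHost is
 * assumed to be the bare host name (no port), $requestPath the path
 * without query string.
 */
function resolveApplication(string $entryPoint, string $requestHost, string $requestPath): string
{
    $parts = parse_url($entryPoint);
    if ($parts === false) {
        throw new InvalidArgumentException('Unparsable entryPoint: ' . $entryPoint);
    }
    $entryHost = isset($parts['host']) ? strtolower($parts['host']) : null;
    $entryPath = '/' . trim($parts['path'] ?? '', '/');

    // A path-only entry point of "/" would claim the whole site: reject it.
    if ($entryHost === null && $entryPath === '/') {
        throw new InvalidArgumentException('entryPoint needs a path or a domain name');
    }
    // Domain form: the request must arrive on the configured host.
    if ($entryHost !== null && strtolower($requestHost) !== $entryHost) {
        return 'frontend';
    }
    // Domain-only form: every path on that host belongs to the backend.
    if ($entryPath === '/') {
        return 'backend';
    }
    // Match on a segment boundary so "/typo3-docs" is not taken for "/typo3".
    $path = '/' . trim($requestPath, '/');
    if ($path === $entryPath || str_starts_with($path, $entryPath . '/')) {
        return 'backend';
    }
    return 'frontend';
}

// Constructed sample requests (hosts and paths are illustrative only).
$cases = [
    ['/typo3', 'www.example.com', '/typo3/module/web/layout'],
    ['/typo3', 'www.example.com', '/typo3-docs/intro'],
    ['/my-admin', 'www.example.com', '/typo3/login'],
    ['https://backend.example.com', 'backend.example.com', '/login'],
    ['https://backend.example.com', 'www.example.com', '/login'],
];
foreach ($cases as [$entryPoint, $host, $path]) {
    printf("%-30s %-22s %-26s => %s\n", $entryPoint, $host, $path,
        resolveApplication($entryPoint, $host, $path));
}
```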