Commit 64501965 authored by Georg Ringer's avatar Georg Ringer Committed by Benjamin Franzke
Browse files

[!!!][TASK] Use https as default scheme in PageRouter

Make the web more secure by using https as fallback scheme if not set.

Resolves: #96835
Releases: main
Change-Id: I7eea535046b25a55c705a1e13c841318966527ff
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73489

Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Benjamin Franzke's avatarBenjamin Franzke <bfr@qbus.de>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benjamin Franzke's avatarBenjamin Franzke <bfr@qbus.de>
parent eaefddb7
......@@ -309,7 +309,7 @@ class PageRouter implements RouterInterface
rtrim($language->getBase()->getPath(), '/'),
'GET',
$language->getBase()->getHost(),
$scheme ?: 'http',
$scheme ?: 'https',
$scheme === 'http' ? $language->getBase()->getPort() ?? 80 : 80,
$scheme === 'https' ? $language->getBase()->getPort() ?? 443 : 443
);
......
.. include:: ../../Includes.txt
========================================================
Breaking: #96835 - https as default scheme in PageRouter
========================================================
See :issue:`96835`
Description
===========
The fallback scheme in :php:`\TYPO3\CMS\Core\Routing\PageRouter::generateUri()` is set to `https` instead of `http` when linking to other pages.
Impact
======
If the site configuration does not provide a scheme but only a domain (e.g. `www.domain.tld`), the scheme is set to `https`.
Affected Installations
======================
All installations which use a site configuration without providing a scheme and which must not be delivered through `https`.
Migration
=========
If `https` can't be used, the entry point must define the scheme, e.g. `http://www.domain.tld`.
.. index:: Frontend, NotScanned, ext:core
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment