typo3/sysext/frontend/Classes/Middleware/FrontendUserAuthenticator.php · 9b5c52be9dc0f482f6fcda564fd7e621ca4d7733 · typo3 / typo3

[!!!][TASK] Set no-cache headers only to PSR-7 Response · 9b5c52be

Benni Mack authored Dec 04, 2020

The related HTTP no-cache headers (e.g. when a user is logged in)
are now only set via PSR-15 middlewares (already in place for
Backend Users, but now added for Frontend Users / Sessions as well),
but not directly emitted via "header()" functions anymore.

The next steps for having autonomous tests are:
* Do not send cookies directly anymore
* Double-check backend login cookies and
* Check for ImmediateResponse / HttpUtility::redirect() methods
* Evaluate the HTTP headers emitted inside the Installer.

Resolves: #92997
Releases: master
Change-Id: I7f1e9826b3d61977cb24e4622e0888e301b807e3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67001


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

9b5c52be