TYPO3 Logo
TYPO3 Core Changelog
Options
Give feedback View source How to edit Edit on GitHub Full documentation (single file)

TYPO3 Core Changelog

  • ChangeLog v14
    • 14.0 Changes
    • 14.x Changes by type
  • ChangeLog v13
    • 13.4.x Changes
    • 13.4 Changes
    • 13.3 Changes
    • 13.2 Changes
    • 13.1 Changes
    • 13.0 Changes
    • 13.x Changes by type
  • ChangeLog v12
    • 12.4.x Changes
    • 12.4 Changes
    • 12.3 Changes
    • 12.2 Changes
    • 12.1 Changes
    • 12.0 Changes
    • 12.x Changes by type
  • ChangeLog v11
    • 11.5.x Changes
    • 11.5 Changes
    • 11.4 Changes
    • 11.3 Changes
    • 11.2 Changes
    • 11.1 Changes
    • 11.0 Changes
    • 11.x Changes by type
  • ChangeLog v10
    • 10.4.x Changes
    • 10.4 Changes
    • 10.3 Changes
    • 10.2 Changes
    • 10.1 Changes
    • 10.0 Changes
    • 10.x Changes by type
  • ChangeLog v9
    • 9.5.x Changes
    • 9.5 Changes
    • 9.4 Changes
    • 9.3 Changes
    • 9.2 Changes
    • 9.1 Changes
    • 9.0 Changes
    • 9.x Changes by type
  • ChangeLog v8
    • 8.7.x Changes
    • 8.7 Changes
    • 8.6 Changes
    • 8.5 Changes
    • 8.4 Changes
    • 8.3 Changes
    • 8.2 Changes
    • 8.1 Changes
    • 8.0 Changes
    • 8.x Changes by type
  • ChangeLog v7
    • 7.6.x Changes
    • 7.6 Changes
    • 7.5 Changes
    • 7.4 Changes
    • 7.3 Changes
    • 7.2 Changes
    • 7.1 Changes
    • 7.0 Changes
    • 7.x Changes by type
  • Documenting Changes
  • Sitemap
  1. TYPO3 Core Changelog
  2. ChangeLog v11
  3. 11.0 Changes
  4. Breaking: #92997 - Authentication-related HTTP cache headers are emitted only by PSR-15 middlewares
Give feedback Edit on GitHub

Breaking: #92997 - Authentication-related HTTP cache headers are emitted only by PSR-15 middlewares

See forge#92997

Description

In previous TYPO3 versions, when a user session was initiated or set (e.g. due to login or cookie), class AbstractUserAuthentication was instructed to send HTTP headers immediately via the PHP function header().

These headers were sent directly to the client without having a chance to manipulate a response, or simulate this behavior via proper tests in a testing suite.

These HTTP headers for not caching a HTTP response were already attached to the PSR-7 Response when an active Backend user was available in Frontend and Backend requests, but not when a Frontend user was logged in.

The internal methods in class AbstractUserAuthentication are removed.

Impact

These headers are now only sent via the PSR-7 Response object, and emitted at the very end of a Request/Response lifecycle in a TYPO3 Application (for Frontend and Backend Requests), and not via the header() function anymore.

Affected Installations

TYPO3 installations with custom extensions manipulating HTTP headers or the options within class AbstractUserAuthentication to send such headers.

Migration

If any changes regarding the PSR-7 Response headers are needed, it is recommended to build a custom PSR-15 middleware in a TYPO3 Extension.

  • Previous
  • Next
Reference to the headline

Copy and freely share the link

This link target has no permanent anchor assigned. You can make a pull request on GitHub to suggest an anchor. The link below can be used, but is prone to change if the page gets moved.

Copy this link into your TYPO3 manual.

  • Home
  • Contact
  • Issues
  • Repository

Last rendered: May 07, 2025 12:11

© since 1997 by the TYPO3 contributors
  • Legal Notice
  • Privacy Policy