New in version 11.4.

The ModifyFileDumpEvent is fired in the FileDumpController and allows extensions to perform additional access / security checks before dumping a file. The event does not only contain the file to dump but also the PSR-7 Request.

In case the file dump should be rejected, the event has to set a PSR-7 response, usually with a 403 status code. This will then immediately stop the propagation.

With the event, it’s not only possible to reject the file dump request, but also to replace the file, which should be dumped.

Registration of the event in the Services.yaml:

    - name: event.listener
      identifier: 'my-package/resource/my-event-listener'

The corresponding event listener class:

use TYPO3\CMS\Core\Resource\Event\ModifyFileDumpEvent;

class MyEventListener {

    public function __invoke(ModifyFileDumpEvent $event): void
        // do magic here



class TYPO3\CMS\Core\Resource\Event\ModifyFileDumpEvent

Event that is triggered when a file should be dumped to the browser, allowing to perform custom security/access checks when accessing a file through a direct link, and returning an alternative Response.

It is also possible to replace the file during this event, but not setting a response.

As soon as a custom Response is added, the propagation is stopped.

Return type:TYPO3\CMS\Core\Resource\ResourceInterface
setFile(TYPO3CMSCoreResourceResourceInterface file)
  • $file (TYPO3CMSCoreResourceResourceInterface) – the file
Return type:Psr\Http\Message\ServerRequestInterface
setResponse(PsrHttpMessageResponseInterface response)
  • $response (PsrHttpMessageResponseInterface) – the response
Return type:Psr\Http\Message\ResponseInterface
Return type:bool