excluded parameters from cacheHash which change frontend output

[jonaseberle]

This is a really bad idea and should be avoided at all costs: https://github.com/aimeos/aimeos-typo3/blob/359101fb72d8555f77676ee759df62f63d9b6abe/ext_localconf.php#L313

TYPO3 uses parameters as indication for the page's content. cHash-exclusion signals that these parameters do not change frontend output.

Excluding everything here leads to (among others):

• wrong canonical URL (missing parameters)
• wrong language switch URL (missing parameters) as generated by the default \TYPO3\CMS\Frontend\DataProcessing\LanguageMenuProcessor

Most probably without this a lot of other workarounds wouldn't be necessary either.

[jonaseberle]

I am using this now in my site package's ext_localconf.php:

# remove aimeos cacheHash-exclusion?!
$GLOBALS['TYPO3_CONF_VARS']['FE']['cacheHash']['excludedParameters'] = array_filter(
    $GLOBALS['TYPO3_CONF_VARS']['FE']['cacheHash']['excludedParameters'],
    function($e) {
        return substr($e, 0, 3) !== 'ai[';
    }
);

Currently, that adds cHashes to many URLs. I'll have a look what can be done. But rather cHashes than a misconfigured TYPO3 IMHO.

[aimeos]

The cHash stuff in TYPO3 is pretty problematic at all because it easily leads to frontend error pages if the cHash is wrong or no cHash is included in the URL, especially when redirecting to a payment provider at the end of a checkout or passing a f_search value for full text search. Wrong canonical URLs and wrong language switch URLs are only a minor problem in total. According to Benni Mack, there may be a solution without cHash in the future but not before TYPO3 11 I guess.

[gilbertsoft]

The solution without cHash is already available since 9.5. The rule is simple, if all aspects and requirements are defined fully, no cHash gets added:

If there are dynamic parameters (= parameters which are not strictly limited), a verification GET parameter cHash is added, which can and should not be removed from the URL. The concept of manually activating or deactivating the generation of a cHash is not optional anymore, but strictly built-in to ensure proper URL handling. If you really have the requirement to never have a cHash argument, ensure that all placeholders are having strict definitions on what could be the result of the page segment (e.g. pagination), and feel free to build custom mappers.

A detailed description can be found at the change log https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5/Feature-86365-RoutingEnhancersAndAspects.html?highlight=chash

[aimeos]

We are aware of that but things aren't that easy as described in the TYPO3 docs

[jonaseberle]

I agree that it's problematic and even that cHash is conceptually flawed. IMHO it was added to TYPO3 for the wrong reasons and in an unnecessary complex way.

Yet there is one base cHash concept that holds true since the beginning: parameters are used by the Core to decide if that page's content is unique. excludedParameters are not taken into account for that. This concept is currently used in EXT:SEO for building canonical URLs, by language DataProcessors for determining translated pages, ...

Most of us have run into trying to just add parameters to excludedParameters until we learnt that this does only fix one problem but introduces others. And that can currently be seen in aimeos-typo3.

We can remove the cHash through route parameter requirements in site config. If not possible (missing slug field or similar), it would be saner to add a custom RouteEnhancer.

[aimeos]

All ai[...] parameters are transparent to TYPO3 because all Aimeos plugins are marked as non-cachable and maintain their own cache using the caching framework. So whenever these parameters change, the cachable parts of the TYPO3 page are still the same.

The exception may be the language menu because to switch the language and stay on the same Aimeos list or detail page, the Aimeos parameters are relevant. If we tell TYPO3 that e.g. the product ID and name for the detail page are relevant, TYPO3 will create a cache entry for each detail page even if it's always the same and this is a problem if you have a lot of products.

Don't know if the canonical URLs are a problem because in TYPO3 9.5+ you only have the option to use the TYPO3 canonical URLs which are totally independent of the Aimeos plugin content or the Aimeos canonical URLs for list and detail views only (because TYPO3 canonical URLs can only be disabled completely and not at a per page level).

[timontonon]

I have the same problem of the cHash. I get the error "404 The page did not exist or was inaccessible. Reason: Request parameters could not be validated (&cHash empty)", in the frontend after being redirected from paypal back to the page. ( shop/confirm?action=confirm&code=demo-paypal&controller=Checkout&token=...).

How can i fix this?

[aimeos]

Does it work if you add code here: https://github.com/aimeos/aimeos-typo3/blob/359101fb72d8555f77676ee759df62f63d9b6abe/ext_localconf.php#L313-L331

[timontonon]

Thank you for the suggestion. I added it to the ext_localconf.php of the aimeos extension. Performed Database update, but sorry same error.

[aimeos]

To make TYPO3 use a changed ext_localconf.php, you have to clear all TYPO3 caches or delete the ./typotemp/cache/ resp. ./var/cache/ directory

[timontonon]

I deleted the cache directory typo3temp and cleared all caches from , but same error.

[timontonon]

After applying this changes, also all the other payment methods like invoice are affected by the error too.