Abdull
commented
1 year ago We found out that it is indeed possible to make a request for a hidden page (using helhum/typo3-frontend-request:1.0.0).
E.g.: during an authenticated backend request:
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\Http\ServerRequest;
use Helhum\Typo3FrontendRequest\Typo3Client;
$request = new ServerRequest($uri);
// add the currently authenticated backend user's `be_typo_user` cookie to the frontend request
$backendCookieHeader = BackendUserAuthentication::getCookieName() . '=' . $_COOKIE['be_typo_user'];
$request = $request->withHeader('Cookie', $backendCookieHeader);
$client = new Typo3Client();
$response = $client->send($request);
$body = (string) $response->getBody();Gotchas:
Because the frontend request is "made" with remote address 127.0.0.1, the following TYPO3 configuration variables impact the success of a request against a hidden TYPO3 page:
$GLOBALS['TYPO3_CONF_VARS']['BE']['lockIP']should have the (default) value0.$GLOBALS['TYPO3_CONF_VARS']['BE']['lockIPv6']should have the (default) value0.$GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList']should allow127.0.0.1, e.g. by explicitly including127.0.0.1, or using the wildcard*, or maybe using the default empty string.
Is it possible to use the
Typo3Clientto get a page that is currently hidden? E.g. is it possible to make a frontend request in the context of an authenticated backend user who is eligible for previewing the hidden page?