madeyourday / contao-rocksolid-frontend-helper

RockSolid Frontend Helper Contao Extension
http://rocksolidthemes.com/de/contao/plugins/frontend-editing
MIT License

Helper does not work for page-trees if there are multiple starting pages in one contao installation #16

Closed kartoffelheinz closed 8 years ago

kartoffelheinz commented 9 years ago

If you use a multi-domain setup, i.e. manage multiple websites with different domains in one Contao installation, the helper only shows up in the frontend for one of the websites, but not for all others.

At first I thought it would only work for the "first" page-tree, but that's not the case. You can "work around" this issue by disabling (so, only for development purposes) all other page trees.

ausi commented 9 years ago

The Frontend Helper relies on the Contao backend authentication cookie, therefore you have to login via /contao/ on the domain you want to use with the Frontend Helper.

kartoffelheinz commented 9 years ago

That is, unfortunately, not true. In, it doesn't work. Just yesterday, I had a setup with 3 page trees. I was logged in with domain3 and tried to access frontend helper with domain 3. I had to disable all other trees before that became possible. And I did login with the exact same domain that tree had set (I know that because the other two page trees were just developer domains that didn't even have DNS records set).

So, there is still a bug somewhere.

OTOH it would be perfect to "enhance" the plugin's functionality to work without this cookie or have it set via a crafted link from the backend before accessing the frontend. Like, a one time token / password that "transfers" authentication information between domains, so the system can set the needed cookie for any domain that is managed within.

A link (via icon on a starting page) could look like this: mysecondomain.de/contao.php?do=frontendhelper&act=login&session_id=$sessionid&onetimepassword=$computed_otp

Once clicked, the plugin sees the token, checks for validity and makes Contao set the login information cookie for that domain, too. It then redirects me to the frontend where I can do live editing.

ausi commented 9 years ago

I wasn’t able to reproduce your issue. Can you please check if the request to the front end page includes the BE_USER_AUTH and PHPSESSID cookies. Also make sure that you access front and back end over the same protocol, so both via HTTPS or both via HTTP.

If your issue still occurs, could you please provide which steps have to be done to reproduce it in a new Contao installation?

I don’t like the idea of bypassing the authentication of Contao; this could lead to security issues. But it might be a good idea to modify the “Front end preview” button or create a new one which lets the user log in on the correct domain if he isn’t already authenticated.
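
Added example, not part of the thread and not code from Contao or the extension: the checks a cross-domain login link of the kind discussed above would need before the target domain sets its own cookie (signed, bound to one host, short-lived, single-use, and carrying no session ID in the URL). The function names, the shared key, the 30-second lifetime and the `.example` hosts are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumptions (hypothetical, not Contao's API): one server-side key shared by
# every domain of the installation, and shared storage for redeemed nonces.
SECRET = secrets.token_bytes(32)
TTL = 30          # seconds a handoff link stays valid
_used = set()     # nonces already redeemed

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(user, target_host, now=None):
    """Run on the domain where the back end session already exists."""
    now = time.time() if now is None else now
    claims = {"u": user, "h": target_host.lower(),
              "exp": int(now) + TTL, "n": secrets.token_hex(16)}
    body = _b64(json.dumps(claims).encode())
    return body + "." + _mac(body)

def redeem_token(token, request_host, now=None):
    """Run on the target domain; returns the user name or None if rejected."""
    now = time.time() if now is None else now
    try:
        body, mac = token.split(".")
        if not hmac.compare_digest(mac, _mac(body)):
            return None                       # forged or modified
        padded = body + "=" * (-len(body) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, TypeError):
        return None                           # malformed token
    if claims["h"] != request_host.lower():
        return None                           # minted for another domain
    if now > claims["exp"]:
        return None                           # link too old
    if claims["n"] in _used:
        return None                           # replay of a used link
    _used.add(claims["n"])
    return claims["u"]    # caller now starts a normal session on this domain
```

The token identifies the user only; the existing session ID never appears in the link, so a leaked URL (browser history, referrer, proxy log) exposes nothing reusable once the token is redeemed or expired.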

ausi commented 9 years ago

@kartoffelheinz does this issue still occur on your website?