问题
I built an extension and a plugin where frontend-users can edit their profile but I noticed a critical issue:
Under "Edit profile", users could see the full information about another user who wasn't even logged in. Apparently the form was a cached on the server because after adding:
config.no_cache = 1
it didn't happen again. Now the issue is that indexing is disable on the whole website.
Is there a way to disable caching only for this specific extension / plugin ?
回答1:
You should have something like this in your ext_localconf.php :
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
$_EXTKEY,
'List',
array('User' => 'list,editProfil'),
array('User' => 'editProfil') // Uncached actions
);
Here is where it is explained : https://docs.typo3.org/typo3cms/ExtbaseFluidBook/4-FirstExtension/7-configuring-the-plugin.html
回答2:
If you want this to only apply on specific pages or be controllable by integrators, you can override the TS rendering instruction for the object:
tt_content.list.20.YOURLISTTYPEHERE = USER_INT
Or if you registered it as a custom CType:
tt_content.YOURCTYPEHERE.20 = USER_INT
The above should work for fluid_styled_content and css_styled_content.
It is almost never advisable to use config.no_cache = 1 since this disables a lot of things other than just caching, as you found out. It also disables all caching for the entire page and it is almost always better for performance to only make the specific plugin not cacheable - and if possible, only do so on pages where the plugin gets used to render views which should not be cached.
Be careful if you do end up needing to cache some parts of your view. It isn't a silver bullet in terms of security, but it is a good start to always include the user's ID (and possibly other things from the authentication as well) in any cache identifiers. And try not to store sensitive information in caches at any point, including code where you output things like the user's name.
来源:https://stackoverflow.com/questions/45505361/typo3-disable-cache-for-specific-plugin-extension