Search code examples

How to prevent foreign GET parameters in TYPO3's canonical tag?

If an uncached page is called in the frontend with a GET parameter that is not foreseen and has been appended to the URL from a link of an external source, like a tracking parameter or something worse e.g. …

… then this foreign parameter is passed on in the automatically generated canonical tag, created by TYPO3's core extension ext:seo. It looks like this:

<link rel="canonical" href=";cHash=f2c206f6f14a424fdbf82f683e8bf383"/>

In addition, the page is saved in the cache with this parameter. This means that subsequent visitors will also receive this incorrect canonical tag, even if they call up the page without the parameter.

Is this a bug (tested on TYPO3 10.4.15) or can it be disabled for all unknown parameters by configuration?

If you know the parameter, you can exclude it in the global configuration …

[FE][cacheHash][excludedParameters] = L,pk_campaign,pk_kwd,utm_source,utm_medium,…

… or via ext_localconf.php in the sitepackage:

$GLOBALS['TYPO3_CONF_VARS']['FE']['cacheHash']['excludedParameters'][] = 'tlbid';

I am only concerned with parameters that were not expected. It might make sense to turn the concept around and basically exclude all parameters except for a few self-defined allowed parameters, but I don't know if that is possible so far.


  • It's a bug. The extension urlguard2 solves this issue.