in2code-de / luxletter

Newsletter system for TYPO3

Home Page: https://www.in2code.de/agentur/typo3-extensions/luxletter/


Domain of fetched images is wrong

ses2013 opened this issue · comments

typo3 11.5.27
luxletter 20

In a multiple Domain Setup with a perfect site:configuration
base with full domain and /
correct "Sender configuration"
some images are fetched from the wrong domain.

How can that be?

They will be shown but I wonder if there are any security issues if an email comes from
domain xxx.org and the images from domain yyy.com?
Cross-site reference?

I just dug into the code and found the part where the domain is set (see https://github.com/in2code-de/luxletter/blob/develop/ext_localconf.php#L44). So, the domain of the request is used for adding prefixes to images. This means: When you are logged in to the TYPO3 backend via domain1, domain1 is used for the images and not domain2 (which would be configured in site configuration) when you add a new newsletter record.

The bad news: In my eyes there is no simple way in TYPO3 11 to set correct domain prefixes for images. Yes, middleware would be a solution but this would need some time.

The good news: There is a new feature in TYPO3 12 that allows you to automatically use absolute links for images, links, etc. by simply writing config.forceAbsoluteUrls = 1 in TypoScript setup (or, more specifically, fluidStyledMailContent.config.forceAbsoluteUrls = 1 for fluidStyledMailContent). And that configuration overrules other settings with absRefPrefix.

At the moment I would tend to go for the current solution and add forceAbsoluteUrls for TYPO3 12 and newer. For your case: Are you able to update to TYPO3 12 or backport the feature from https://review.typo3.org/c/Packages/TYPO3.CMS/+/76463 (e.g. via composer patches)?

You could also embed images (via extension manager settings) to prevent wrong domains.
Any update for me here?

Your reply was very helpful. I can live with that.
And yet it is disturbing that such an elementary, obvious request is not possible to implement in TYPO3 11.
So thanks for your effort.

Thx, I will close this issue for now :)
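
A check for the mismatch discussed in this thread, as an added example that is not part of the issue or of luxletter's code: it scans rendered newsletter HTML and reports image and link URLs that are relative or point at a host other than the one expected from the site configuration, while accepting embedded (`cid:`/`data:`) images. The names `audit_newsletter`, `UrlCollector` and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a mail client fetch or link to a remote resource.
URL_ATTRS = {"img": ("src", "srcset"), "a": ("href",), "td": ("background",)}
# Schemes that never cause a fetch from a web host (embedded images use cid:/data:).
LOCAL_SCHEMES = {"cid", "data", "mailto", "tel"}

# Constructed sample: newsletter for xxx.org rendered while logged in via yyy.com.
SAMPLE = """
<a href="https://xxx.org/news/1">Read more</a>
<img src="https://yyy.com/fileadmin/header.png" alt="">
<img src="/fileadmin/teaser.jpg" alt="">
<img src="cid:logo@newsletter" alt="">
<img src="https://xxx.org/fileadmin/footer.png" alt="">
"""


class UrlCollector(HTMLParser):
    """Hypothetical helper: collect (tag, url) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in URL_ATTRS.get(tag, ()):
                # srcset holds comma-separated "url descriptor" candidates.
                urls = ([c.split()[0] for c in value.split(",") if c.strip()]
                        if name == "srcset" else [value.strip()])
                self.found.extend((tag, u) for u in urls)


def audit_newsletter(html, expected_host):
    """Return (tag, url, reason) for URLs that are relative or on another host."""
    collector = UrlCollector()
    collector.feed(html)
    findings = []
    for tag, url in collector.found:
        parts = urlsplit(url)
        if parts.scheme in LOCAL_SCHEMES or url.startswith("#"):
            continue  # embedded image or non-fetching link
        if not parts.netloc:
            findings.append((tag, url, "relative URL, no domain prefix"))
        elif (parts.hostname or "").lower() != expected_host.lower():
            findings.append((tag, url, f"host {parts.hostname} != {expected_host}"))
    return findings
```

Run against a test rendering of each newsletter, with `expected_host` set to the base host from that site's configuration, before the mail is queued.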