+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / Why do we allow duplicate content via http\https?

Why do we allow duplicate content via http\https?

17 posts, 0 answered
  1. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    25 Aug 2013
    Link to this post
    If I have a page set to not require ssl...I expect sitefinity to not allow it to be served (redirect automatically) via https.

    http://www.homepage.com (great, no ssl set)
    https://www.homepage.com (wtf, why is this working)

    Shouldn't need a custom redirect module to handle this...
  2. Arno
    Arno avatar
    249 posts
    Registered:
    08 Sep 2010
    26 Aug 2013 in reply to Steve
    Link to this post
    Hi Steve,

    This used to work fine but I found that it broke while upgrading to 6.1 SP1. I have reported it and it has been confirmed as a bug. I'm not sure yet when it will be fixed, but I assume and expect very soon.
  3. Stefani Tacheva
    Stefani Tacheva avatar
    718 posts
    Registered:
    06 Dec 2016
    26 Aug 2013
    Link to this post
    Hi all,

    In Sitefinity 5.x and 6.0 versions there were a problem that has been fixed in Sitefinity 6.1:

    SSL: Sitefintiy performs redirect to the non-secured page even if SSL is applied on site level

    For your convenience please review our release notes.

    In Sitefinity 6.1 the default behavior is the following:

    RequireSSL property defines whether a page will be under SSL or not. If you have applied SSL binding for the whole site but your page does not require SSL, when you request for example:


    The page will be opened under http. If you request:


    The page will be opened under https.

    Regards,
    Stefani Tacheva
    Telerik
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  4. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    26 Aug 2013 in reply to Stefani Tacheva
    Link to this post
    So what you're saying is Sitefinity allows the entire site to be indexed onto search engines twice...and that's the desired behavior?

    We don't have SSL for the whole site, only 2-3 pages...so I would expect Sitefinity to not serve the rest of the pages under SSL.
  5. Arno
    Arno avatar
    249 posts
    Registered:
    08 Sep 2010
    26 Aug 2013 in reply to Stefani Tacheva
    Link to this post
    Stefani,

    This is undesired behavior and it has already been confirmed and logged for fixing (see support ticket #728673).

    It's simply not acceptable to serve regular content under https too, for the reasons Steve explained, but also because third party code that may be embedded in pages (like banners) can cause problems (SSL warnings).
  6. Arno
    Arno avatar
    249 posts
    Registered:
    08 Sep 2010
    27 Aug 2013 in reply to Steve
    Link to this post
    Steve,

    I just got the confirmation that this will be fixed quickly: "It will most likely be fixed in the next immediate release".
  7. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    27 Aug 2013 in reply to Arno
    Link to this post
    One burned, twice shy :)

    ...I'll believe it when I see it, I've heard that too many times before.  I have my own logic to check this in my masterpage with a config toggle in the backend.  If they add it I can disable my logic...until then I'm back working.
  8. Stefani Tacheva
    Stefani Tacheva avatar
    718 posts
    Registered:
    06 Dec 2016
    28 Aug 2013
    Link to this post
    Hi all,

    We totally agree with you that the problem is caused by a bug. Thank you for all the additional steps you have sent. Please find the bug description in PITS on the following URL. The bug is marked as critical and it will be fixed soon.

    Regards,
    Stefani Tacheva
    Telerik
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  9. Dimitar
    Dimitar avatar
    19 posts
    Registered:
    17 Nov 2016
    03 Sep 2013
    Link to this post
    Hello Steve, Arno,

    As the page property is named "Require Ssl" and when it is marked - it is easy to understand that the page should be served via https. But when the property value is "false" this means it does not require ssl and it does not obligate you to serve the page neither via http nor via https.
    In fact the in 6.1 we've fixed this behavior because there were clients that require their pages to be available on https if they request them using ssl and they do not want their pages to require ssl.

    We understand your concerns and now we're going to add a global configuration - RemoveNonRequiredSsl (turned off by default). And you will be able to turn it on in order to insist for such redirects and the pages that does not require ssl will be available only on http.

    I hope this will be ok for you and the rest of our clients. (Please keep in mind that the default behavior should conform with the name of the property "require ssl").

    Regards,
    DimBo
    Telerik
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  10. Arno
    Arno avatar
    249 posts
    Registered:
    08 Sep 2010
    03 Sep 2013 in reply to Dimitar
    Link to this post
    Hi DimBo,

    This sounds good to me. Is this still planned for the "next immediate release" as discussed in the support ticket?
  11. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    03 Sep 2013 in reply to Arno
    Link to this post
    More than perfect, everyone will be happy :)
  12. Dimitar
    Dimitar avatar
    19 posts
    Registered:
    17 Nov 2016
    05 Sep 2013
    Link to this post
    Hi guys,

    I'm glad to hear your positive feedback and yes it will be part of the next release (6.1 SP2).

    Have a nice day,
    DimBo
    Telerik
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  13. JGarland
    JGarland avatar
    30 posts
    Registered:
    11 Nov 2006
    20 May 2014
    Link to this post

    Hi guys,

    It looks like this is still an issue in Sitefinity 7. Please let me know if there is a setting that I am missing.

    Thanks. 

     

     

  14. Arno
    Arno avatar
    249 posts
    Registered:
    08 Sep 2010
    21 May 2014 in reply to JGarland
    Link to this post

    Hi JGarland,

    Please check this.

  15. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
  16. Kurren
    Kurren avatar
    23 posts
    Registered:
    08 Jun 2013
    27 Aug 2014
    Link to this post

    Any update on this? I'm having the same problem on v7.1

  17. Stefani Tacheva
    Stefani Tacheva avatar
    718 posts
    Registered:
    06 Dec 2016
    01 Sep 2014
    Link to this post
    Hi Kurren,

    Regarding the following problem:

    http://feedback.telerik.com/Project/153/Feedback/Details/100718-visiting-a-page-under-https-causes-all-subsequent-pages-to-be-served-under-https

    It has been resolved in Sitefinity 6.2 SP2.

    A configuration has been introduced in order to support the old  behavior.

    Settings > Advanced > System > SiteUrlSettings > Remove ssl when the page does not require it
    By default the property is not marked.

    Remove ssl when the page does not require it - When enabled the pages that does not require ssl will redirect to http explicitly.

    If the problem still persist please send us a video demonstration or some additional information.

    As for the problem reported by Steve:

    http://feedback.telerik.com/Project/153/Feedback/Details/125390-scriptmanager-setting-for-cdn-doesnt-check-the-pages-https-status

    It has not been fixed yet. You could follow it in order to receive notifications once the status of the item is changed.

    Regards,
    Stefani Tacheva
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
17 posts, 0 answered