Why do we allow duplicate content via http\https?

Posted by Community Admin on 04-Aug-2018 20:56

Why do we allow duplicate content via http\https?

All Replies

Posted by Community Admin on 25-Aug-2013 00:00

If I have a page set to not require ssl...I expect sitefinity to not allow it to be served (redirect automatically) via https.

http://www.homepage.com (great, no ssl set)
https://www.homepage.com (wtf, why is this working)

Shouldn't need a custom redirect module to handle this...

Posted by Community Admin on 26-Aug-2013 00:00

Hi Steve,

This used to work fine but I found that it broke while upgrading to 6.1 SP1. I have reported it and it has been confirmed as a bug. I'm not sure yet when it will be fixed, but I assume and expect very soon.

Posted by Community Admin on 26-Aug-2013 00:00

Hi all,

In Sitefinity 5.x and 6.0 versions there were a problem that has been fixed in Sitefinity 6.1:

SSL: Sitefintiy performs redirect to the non-secured page even if SSL is applied on site level

For your convenience please review our release notes.

In Sitefinity 6.1 the default behavior is the following:

RequireSSL property defines whether a page will be under SSL or not. If you have applied SSL binding for the whole site but your page does not require SSL, when you request for example:


The page will be opened under http. If you request:


The page will be opened under https.

Regards,
Stefani Tacheva
Telerik
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 26-Aug-2013 00:00

So what you're saying is Sitefinity allows the entire site to be indexed onto search engines twice...and that's the desired behavior?

We don't have SSL for the whole site, only 2-3 pages...so I would expect Sitefinity to not serve the rest of the pages under SSL.

Posted by Community Admin on 26-Aug-2013 00:00

Stefani,

This is undesired behavior and it has already been confirmed and logged for fixing (see support ticket #728673).

It's simply not acceptable to serve regular content under https too, for the reasons Steve explained, but also because third party code that may be embedded in pages (like banners) can cause problems (SSL warnings).

Posted by Community Admin on 27-Aug-2013 00:00

Steve,

I just got the confirmation that this will be fixed quickly: "It will most likely be fixed in the next immediate release".

Posted by Community Admin on 27-Aug-2013 00:00

One burned, twice shy :)

...I'll believe it when I see it, I've heard that too many times before.  I have my own logic to check this in my masterpage with a config toggle in the backend.  If they add it I can disable my logic...until then I'm back working.

Posted by Community Admin on 28-Aug-2013 00:00

Hi all,

We totally agree with you that the problem is caused by a bug. Thank you for all the additional steps you have sent. Please find the bug description in PITS on the following URL. The bug is marked as critical and it will be fixed soon.

Regards,
Stefani Tacheva
Telerik

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 03-Sep-2013 00:00

Hello Steve, Arno,

As the page property is named "Require Ssl" and when it is marked - it is easy to understand that the page should be served via https. But when the property value is "false" this means it does not require ssl and it does not obligate you to serve the page neither via http nor via https.
In fact the in 6.1 we've fixed this behavior because there were clients that require their pages to be available on https if they request them using ssl and they do not want their pages to require ssl.

We understand your concerns and now we're going to add a global configuration - RemoveNonRequiredSsl (turned off by default). And you will be able to turn it on in order to insist for such redirects and the pages that does not require ssl will be available only on http.

I hope this will be ok for you and the rest of our clients. (Please keep in mind that the default behavior should conform with the name of the property "require ssl").

Regards,
DimBo
Telerik

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 03-Sep-2013 00:00

Hi DimBo,

This sounds good to me. Is this still planned for the "next immediate release" as discussed in the support ticket?

Posted by Community Admin on 03-Sep-2013 00:00

More than perfect, everyone will be happy :)

Posted by Community Admin on 05-Sep-2013 00:00

Hi guys,

I'm glad to hear your positive feedback and yes it will be part of the next release (6.1 SP2).

Have a nice day,
DimBo
Telerik

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 20-May-2014 00:00

Hi guys,

It looks like this is still an issue in Sitefinity 7. Please let me know if there is a setting that I am missing.

Thanks. 

 

 

Posted by Community Admin on 21-May-2014 00:00

Hi JGarland,

Please check this.

Posted by Community Admin on 27-Aug-2014 00:00

Any update on this? I'm having the same problem on v7.1

Posted by Community Admin on 01-Sep-2014 00:00

Hi Kurren,

Regarding the following problem:

feedback.telerik.com/.../100718-visiting-a-page-under-https-causes-all-subsequent-pages-to-be-served-under-https

It has been resolved in Sitefinity 6.2 SP2.

A configuration has been introduced in order to support the old  behavior.

Settings > Advanced > System > SiteUrlSettings > Remove ssl when the page does not require it
By default the property is not marked.

Remove ssl when the page does not require it - When enabled the pages that does not require ssl will redirect to http explicitly.

If the problem still persist please send us a video demonstration or some additional information.

As for the problem reported by Steve:

feedback.telerik.com/.../125390-scriptmanager-setting-for-cdn-doesnt-check-the-pages-https-status

It has not been fixed yet. You could follow it in order to receive notifications once the status of the item is changed.

Regards,
Stefani Tacheva
Telerik
 
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
 

This thread is closed