Vulnerability in EPiServer.Forms
We're adding multilanguage support in our Episerver website. Some special constraints we have:
After reading a lot of documentation we managed to make it work in most cases, but I've encountered an issue with EPiServer shortcuts that is bugging me...
In a non-multilingual scenario, consider a page called 'site-area', configured as a shortcut to a child page called 'home' so that when I navigate to company.org/site-area I'm redirected to company.org/site-area/home.
Going to a multilingual scenario, we translate both the 'site-area' and 'home' pages to spanish (es). Both english and spanish language versions are now created for both pages.
Master language and fallback language is english. No culture is set for the host in website settings. strictLanguageRouting=false in web.config. My browser language preferences are set to spanish (es). In this scenario, when I navigate directly to these urls I see the contents in these languages:
So far so good. Now let's see how the shortcut works...
The last case is what puzzles me... I expected to be redirected to the spanish version of the child page, since that's my browser preference. Instead, it looks like episerver completely bypassed my preferences and instead went on to the master language. I've also tried disabling the fallback language for both site-area and home pages, but since the master language is still english, I guess it has no effect.Have anyone else experienced this issue? Am I missing something here? Is this a bug?Thanks in advance!
Could you describe exactly how you've added this shortcut?
Thank you Tomas!Yes. I've created it using the shortcut propery in the Settings tab, as described in the link below (Scroll down to Settings > Shortcut)https:// webhelp.episerver.com/17-4/cms-edit/all-properties-view.htm (Sorry I cannot add images or hyperlinks here...). Step by step:
That's it. With this setting, and having the browser configured with spanish as my first language preference, navigating to company.org/site-area redirects me to company.org/en/site-area/home, instead of the expected company.org/es/site-area/homeHope it helps. Thanks in advance!
Hi again. So, after more investigation and test on Alloy site I've found out the actual out-of-the-box behavior. I think the whole point here is that I've set the strictLanguageRouting to false, because we don't want to force all urls to have the language segment, for business reasons. Having disabled that, I've not found official documentation about the behavior with urls that don't include the language segment, like company.org/page for instance, but it seems that episerver completely bypasses the browser language preferences in this case scenario.So, in the end, the browser language preferences apparently work for the start page only. The start page contents are correctly displayed in the browser preferred language, and all the links inside include the preferred language segment. But if you access directly to a page by typing the url in the address bar instead of navigating from the start page, and you don't provide the language segment in the url, then the browser languages preferences are not taken into account, and the content is displayed in the default language. Where is taken this default language from? I'm still investigating...Cheers