Vulnerability in EPiServer.Forms
I have a question regarding the behavior of Episerver in a multi-website scenario.
Imagine we have Episerver with a single website, say company.com. The whole page tree is part of this single website, obviously. We have a start page set up, but the whole page tree is NOT a descendant of this start page. (This might be a crucial thing...) Now we have a new requirement: we need to have a subdomain, say subdomain.company.com, and point it to a subset of the page tree in the same Episerver instance. Ideally, they should be fully independent. Ideally.
To do so, we can create a new website in Episerver, with subdomain.company.com, and set it up so that it points to the start page of this new subtree we have created for the new website. The subtree is not a descendant of the original start page for the main website, so we have no issues there. So we had "company.com", being able to access the whole page tree, and now we have also subdomain.company.com, pointing to the subtree.
Say we had a page called "dummy" in a different branch of the page tree where the main start page is. We can access that page with this URL: "company.com/dummy". What should happen when we try to access this URL? "subdomain.company.com/dummy"
In my opinion, I should get a 404, or if any, be redirected to "company.com/dummy". But instead, I can see the dummy page, with the URL "subdomain.company.com/dummy".
And we don't want that. We want "subdomain.company.com" page tree to be fully isolated.
Can it be done? Thanks in advance :)
Why are there pages that are not a descendant of the start page? Surely they should be if they belong to a site?
What you're trying to achieve is entirely possible, but both sites should have a distinct start page and page tree. If you've got pages that don't have the context of a site, then to me the correct behaviour is that they're available on both sites.
You could solve this by implementing some custom routing (or easier: setting a canonical URL), but it feels like it'd be more appropriate to move those under the relevant site.
Thank you so much Jake,
Now it's crystal clear. We cannot change the structure at this point, so the alternative using the IPartialRouter is the best approach.
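One way to get the isolation asked for in this thread, added here as an example and not code from any poster or from Episerver: an MVC action filter (a different mechanism from the IPartialRouter mentioned above) that returns 404 when the routed content is neither the current site's start page nor one of its descendants. It assumes Episerver CMS on ASP.NET MVC 5; the attribute name and the site name "Subdomain" are hypothetical, and enforcement is limited to the named sites because the main site's pages in this scenario do not sit under its own start page.

```csharp
using System;
using System.Linq;
using System.Web.Mvc;
using EPiServer;
using EPiServer.Core;
using EPiServer.Editor;
using EPiServer.ServiceLocation;
using EPiServer.Web;
using EPiServer.Web.Routing;

// Hypothetical attribute; usage: [RequireCurrentSiteContent("Subdomain")] on page controllers.
public class RequireCurrentSiteContentAttribute : ActionFilterAttribute
{
    private readonly string[] _isolatedSites;

    // Names of the site definitions (as configured in admin mode) to isolate.
    public RequireCurrentSiteContentAttribute(params string[] isolatedSites)
    {
        _isolatedSites = isolatedSites ?? new string[0];
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Editors need to browse the whole tree, so edit mode is left alone.
        if (PageEditing.PageIsInEditMode) return;

        var site = SiteDefinition.Current;
        if (!_isolatedSites.Contains(site.Name, StringComparer.OrdinalIgnoreCase)) return;

        ContentReference routed = filterContext.RequestContext.GetContentLink();
        if (ContentReference.IsNullOrEmpty(routed)) return; // not a content request

        if (!BelongsToSite(routed, site.StartPage))
            filterContext.Result = new HttpNotFoundResult();
    }

    // True when the content is the start page itself or lies beneath it.
    private static bool BelongsToSite(ContentReference routed, ContentReference start)
    {
        if (ContentReference.IsNullOrEmpty(start)) return false;
        if (routed.CompareToIgnoreWorkID(start)) return true;
        var loader = ServiceLocator.Current.GetInstance<IContentLoader>();
        return loader.GetAncestors(routed)
                     .Any(a => a.ContentLink.CompareToIgnoreWorkID(start));
    }
}
```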