A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.
AI OnAI Off
UrlResolver.GetUrl returns http links from ContentReference instead of https making page not secure.
UrlResolver.GetUrl will get the host from the SiteDefinition, so if you set up your site to be http, it will use it. Simply change the setting here
Feb 22, 2021 12:21
Anish
- Feb 22, 2021 12:28
Thanks for the reply. But this is already set as https including all other host names. This was working fine and all of a sudden this issue occured. When we restarted the web app and cache it worked fine and showed https links, but after couple of minutes it reverted back to http for links generated. This is happeninig for all links generated using UrlResolver.GetUrl. Quite strange I know.
Anish
- Feb 22, 2021 16:01
Yes, they are looking into this for the last two days but no luck so far. Thanks
Anish
- Feb 22, 2021 17:11
Yea that's sensitive data of live site, client informations cant be shared. Hope you understand.
Have you specified any scheme in the host settings?
In my example website; I did not specify any scheme in host settings.
Now when I access URL with https all links use with https binding.
when I access URL with http all links use with http binding.
It could be G crawler or indexer is accessing your website in http.
I think you just need to check if your production website is accessible from HTTP. If yes, you can change to allow https binding only.
You can do that by creating a rule in web.config or ask Episerver to enable force https rule from cloudflare.
Feb 22, 2021 15:26
Anish
- Feb 22, 2021 15:38
Thanks for the reply. Already there is a redirect rule that will redirect all http requests to https requests. Site cant be access over http, but only https. The problem here is links created for mega menu and forms are in http format which makes the site non secure. Host settings are all having https scheme.
Has anyone came across this issue where the function UrlResolver.GetUrl returns absolute URL with http links from ContentReference instead of https. This causes google to mark our site as not completely secure. This is happeninig only in live site and in all other environments this is working fine and creates only https links.