November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

UrlResolver.GetUrl returns http links from ContentReference instead of https making page not secure.

Anish
Anish
Vote:
 

Has anyone came across this issue where the function UrlResolver.GetUrl returns absolute URL with http links from ContentReference instead of https. This causes google to mark our site as not completely secure. This is happeninig only in live site and in all other environments this is working fine and creates only https links. 

#248971
Feb 22, 2021 11:08
Quan Mai
Quan Mai
Vote:
 

UrlResolver.GetUrl will get the host from the SiteDefinition, so if you set up your site to be http, it will use it. Simply change the setting here 

#248975
Feb 22, 2021 12:21
Anish - Feb 22, 2021 12:28
Thanks for the reply. But this is already set as https including all other host names. This was working fine and all of a sudden this issue occured. When we restarted the web app and cache it worked fine and showed https links, but after couple of minutes it reverted back to http for links generated. This is happeninig for all links generated using UrlResolver.GetUrl. Quite strange I know.
Quan Mai - Feb 22, 2021 15:59
Then I suggest to contact developer support service. this seems to be a complicated issue and that would be your best bet to get it resolved
Anish - Feb 22, 2021 16:01
Yes, they are looking into this for the last two days but no luck so far. Thanks
Quan Mai - Feb 22, 2021 16:29
DO you mind posting your Hosts hear? (censor sensitive information of course)
Anish - Feb 22, 2021 17:11
Yea that's sensitive data of live site, client informations cant be shared. Hope you understand.
Naveed Ul-Haq
Naveed Ul-Haq
Vote:
 

Have you specified any scheme in the host settings? 

In my example website; I did not specify any scheme in host settings.

Now when I access URL with https all links use with https binding. 

when I access URL with http all links use with http binding.

It could be G crawler or indexer is accessing your website in http.

I think you just need to check if your production website is accessible from HTTP. If yes, you can change to allow https binding only. 

You can do that by creating a rule in web.config or ask Episerver to enable force https rule from cloudflare. 

#248979
Feb 22, 2021 15:26
Anish - Feb 22, 2021 15:38
Thanks for the reply. Already there is a redirect rule that will redirect all http requests to https requests. Site cant be access over http, but only https. The problem here is links created for mega menu and forms are in http format which makes the site non secure. Host settings are all having https scheme.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.