November Happy Hour will be moved to Thursday December 5th.
AI OnAI Off
Commerce Manager cannot load cdns in loadbalanced environment
I think I tried a solution for this, basically you canoverwrite the CDN url. Can't remember how it looks like, but will get back to you.
Aug 03, 2018 10:37
I think you need to do something like this in application_start or an initiliazation module
https://stackoverflow.com/questions/11949504/scriptmanager-enablecdn-does-not-work-on-ssl
Aug 04, 2018 0:16
Exactly! The solution in Mark's post is what I sent to another customer.
Adding this to Global.asax/Application_Start
System.Reflection.Assembly ext = typeof(ScriptManager).Assembly;
System.Reflection.Assembly web = typeof(HttpApplication).Assembly;
ScriptManager.ScriptResourceMapping.AddDefinition("WebForms.js", web,
new ScriptResourceDefinition
{
ResourceName = "WebForms.js",
ResourceAssembly = web,
CdnPath = "https://ajax.aspnetcdn.com/ajax/4.6/1/WebForms.js",
CdnSupportsSecureConnection = true
});
ScriptManager.ScriptResourceMapping.AddDefinition("MicrosoftAjax.js", ext,
new ScriptResourceDefinition
{
ResourceName = "MicrosoftAjax.js",
ResourceAssembly = ext,
CdnPath = "https://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjax.js",
CdnSupportsSecureConnection = true
});
ScriptManager.ScriptResourceMapping.AddDefinition("MicrosoftAjaxWebForms.js", ext,
new ScriptResourceDefinition
{
ResourceName = "MicrosoftAjaxWebForms.js",
ResourceAssembly = ext,
CdnPath = "https://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxWebForms.js",
CdnSupportsSecureConnection = true
});
Note that they should change <compilation debug="false" in web.config
Edited,
Aug 04, 2018 8:17
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
We're running Commerce Manager in a load balanced environment. Although the browser requests Commerce Manager over https, the load balancer redirects to non-http, which gives issues with mixed content. This is nicely explained in this article:
https://world.episerver.com/blogs/Quan-Mai/Dates/2017/7/commerce-manager-over-https-on-load-balancer/
The article suggests two things to solve this:
1) Use at least Commerce Manager 10.6.0. We use 11.8 so that should be fine.
2) Configure the header X-Forwarded-Proto to "https" on your load balancer. This we did.
With above solution, Commerce Manager now loads it's own internal scripts and stylesheets over https, so that's great. However Commerce Manager still tries to load cdns over http, as seen here:
Snippet from browser's console log:
"Mixed Content: The page at 'https://cmepiuat03.tst.dsb.dk/Apps/Shell/Pages/default.aspx' was loaded over HTTPS, but requested an insecure script 'http://ajax.aspnetcdn.com/ajax/4.6/1/WebForms.js'. This request has been blocked; the content must be served over HTTPS.
default.aspx:1 Mixed Content: The page at 'https://cmepiuat03.tst.dsb.dk/Apps/Shell/Pages/default.aspx' was loaded over HTTPS, but requested an insecure script 'http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjax.debug.js'. This request has been blocked; the content must be served over HTTPS.
default.aspx:1 Mixed Content: The page at 'https://cmepiuat03.tst.dsb.dk/Apps/Shell/Pages/default.aspx' was loaded over HTTPS, but requested an insecure script 'http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxWebForms.debug.js'. This request has been blocked; the content must be served over HTTPS.
ContentFrame.aspx?_a=Catalog&_v=Catalog-List:1 Mixed Content: The page at 'https://cmepiuat03.tst.dsb.dk/Apps/Shell/Pages/default.aspx' was loaded over HTTPS, but requested an insecure script 'http://ajax.aspnetcdn.com/ajax/4.6/1/WebForms.js'. This request has been blocked; the content must be served over HTTPS.
ContentFrame.aspx?_a=Catalog&_v=Catalog-List:1 Mixed Content: The page at 'https://cmepiuat03.tst.dsb.dk/Apps/Shell/Pages/default.aspx' was loaded over HTTPS, but requested an insecure script 'http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjax.debug.js'. This request has been blocked; the content must be served over HTTPS.
ContentFrame.aspx?_a=Catalog&_v=Catalog-List:1"
How to fix this?