After requiring SSL in a blank ASP.NET MVC application, some of the content is no longer loading. Specifically, at least one stylesheet isn't taking effect as shown in the screenshot below. Nothing appears in the console. I'm assuming that I need to change an HTTP reference to HTTPS somewhere, but it looks like all the script files are included in the project rather than being referenced online.
Any suggestions on how to fix this?
This is because the CSS file is being referenced over http:// but the webpage is on https://
It’s known as a ‘Mixed Content’ error
If your site works on both http:// and https:// then there are 2 options
Make the http:// version of your site redirect to the https:// version (recommended)
Make the links to your css file ‘scheme relative’ (also known as ‘protocol relative’) by using just // (two forward slashes) instead of http:// or https://
e.g. //css/mycssfile.css instead of http://css/mycssfile.css
The scheme relative urls (starting with //) will use the same protocol as the web page.
So if your page is on https:// then //css/mycssfile.css means use https:// to get the css file. The same goes for http://, // means use http:// to get the css file.
Related
As most of you know, when using an external library via a CDN, let's say Google, the url often looks something like this.
<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
When using this on a live site, this works perfectly. However, locally it doesn't. Changing // to https:// does the trick. (Didn't test with http.)
So, what's the catch, and what's the difference?
// takes the current used protocol. Mainly https or http, but also any other protocol supported by the browser, such as ftp.
If you're visitig a site via https the used URL for your //-resource is https too.
See also Browser support for URLs beginning with double slash
When I browse to my startpage, e.g. /sv I get a blank page that just says "Default Page". However when I try /sv/ it works. Subpages like /sv/example work without slash though. I'm using Sitecore 7.1 with only MVC views.
Remove the default.aspx file from the web root.
That will fix your problem.
When requesting URLs without a slash at the end, the "StripLanguage" processor of the preprocessRequest pipeline rewrites path to the value of the Settings.DefaultPageName setting ("default.aspx" by default). Since such page physically exists on your site, ASP.NET MVC routing system does not handle such request, and the file itself is served. This behavior is controlled over the RouteCollection.RouteExistingFiles property (false by default), please refer to the following article for the details:
http://msdn.microsoft.com/en-us/library/system.web.routing.routecollection.routeexistingfiles.aspx.
In other case, when a slash is added after a language, this won't happen, since the "StripLanguage" processor does not rewrite the path (which is also not an expected behavior). As a result, request URL does not match the "default.aspx" static file in the site and request is getting processed by ASP.NET MVC.
I suggest you to add the following setting to the "Web.config" file (instead of creating a "default.aspx" page), which points to the "default" page without extension:
<settings>
<setting name="DefaultAspxPageName" value="default"/>
</settings>
After that, the /default URL, without ".aspx" extension, will be processed by MVC and the appropriate item will be rendered independently of a slash after the language URL section.
On my side it works.
I want to point out that the answer to this is not my own but given from the support over at Sitecore who I want to extend a big "Thank you!" to. I had googled this forever until they helped me and I thought that I want to have this document and easily found when others struggle with it. A bug is filed and they are working on fixing it.
DefaultAspxPageName is Hidden Setting.. We can find more such hidden settings..#
http://www.newguid.net/sitecore/2014/sitecore-hidden-string-configuration-settings/
My images were all held in the app itself and so were referenced with /images/12345.jpg which in some places has been hard coded into the content of the cms, with or without the full url.
The images have now been moved to s3 and so I want to add a redirect for urls that are of the following formats:
/images/12345.jpg|png|gif
or
http://www.example.com/images/12345.jpg|png|gif
(but only for only numeric filenames)
and point them to
http://my.images.images.s3.amazonaws.com/540x310/12345.jpg|png|gif
I currently have
use Rack::Rewrite do
rewrite %r{images\/(\d*.)(jpe?g|png|gif)$}, 'http://my.images.images.s3.amazonaws.com/540x310/$1$2'
end
But this doesn't seem quite right.
UPDATE------
of course the URL in the source doesn't change, I should have realised that. Clicking the link directly returns an error:
No route matches [GET] "/http://my.images.images.s3.amazonaws.com/540x310/13135.jpeg"
(note the leading slash)
So the rewrite is working but it thinks it should be routing to an internal link not an external URL.
UPDATE2------
Changing to
r302 %r{(?:images\/)(\d*.jpe?g|png|gif)$}, "http://my.images.images.s3.amazonaws.com/540x310/$1"
will now redirect if I go to
http://www.example.com/images/13135.jpeg
but is not rendering the images in the site itself.
this was caused by the url on the localhost still pointing to the live url and therefore the 301 rewrite never being called.
So the local deployment had the live URL hardcoded into the page, i was then changing this and pointing my browser at localhost.
In the page though the old URL remained which meant the page was looking to the live server for a possible redirect which had never been dpeloyed
We can see many HTML page using src="//example.com/myjavascript.js" to include a .js and let the browser use http:// / https:// depending on the current scheme of the page URL.
Is this a valid URI ?
Yes, it is definitely valid. It is a "scheme relative" or "protocol relative" URI. In the spec since the beginning. Quite helpful to deal with http/https issues.
Read a much better description and caveats:
Is it valid to replace http:// with // in a <script src="http://...">?
A few points to keep in mind:
There are some minor issues on IE 7 & 8 with double downloads
If you are viewing an HTML page from a file the browser will replace the scheme with file://, and not load your JS file from the server like it would with a full URL starting with http:// or https://.
Edit for modern webdev practices:
While the URL is still valid, it is now recommended to use https for third party resources (and, serve those resources from secure pages). The performance or compatibility issues from years ago are largely resolved with updated protocols and browsers.
As a warning... we encountered issues with this methodology NOT being supported in Internet Explorer when used inside the HTML BASE tag (IE8 and 9 confirmed, didn't test any others before patching the issue).
After newly implementing SSL on a website, we had initially updated the BASE tags across the application to simply reference "//www.mydomain.com" : but the page templates broke (in IE only) on all scripts which did NOT live at the root of the site. Makes sense, since the BASE tag was not picking up the stylesheet or other relatively-linked resources which assumed they were being referenced from root, not from a nested location.
Since the BASE URI was our own domain anyway, we fixed the issue by setting the BASE tag's value to "https://www.mydomain.com". No matter if the client is browsing the site in SSL mode or out, at least it will work cross-browser now and can ALWAYS find its content - and by forcing https at all times, we ensure we don't get any content-mismatch warnings in the process by setting the BASE path to an http location while browsing a page using https.
It is valid indeed and I have just learned this in the hard way!! We broke a customization feature so you should always validate an URL like this (in .NET):
Pay attention to:
White spaces (Trim)
"scheme relative" URI (UriKind.RelativeOrAbsolute)
public bool IsValidUrl(string resourceUrl)
{
Uri uri;
if (Uri.TryCreate(resourceUrl.Trim(), UriKind.RelativeOrAbsolute, out uri))
{
return uri.IsWellFormedOriginalString();
}
return false;
}
I've used Wayfinder in my template, eg:
[[Wayfinder? &startId=`8` ]]
and it was working fine until I turned on friendly urls (by going: System>>System Settings>>User Friendly URLS)
Now none of my links work. On top of this if I click the 'View' button from a resource page or enter the full url into a browser I get a 404 error.
Am I missing something in this process?
(ps Im using Revo 2.1.3)
Have you configured your .htaccess file? It's required for friendly urls. When you install MODX it's named ht.access, so you'll need to rename it to .htaccess.
If you've installed MODX in a subfolder you'll also need to set it here:
RewriteBase /folder-name
As Sean suggested, you'll also need to clear your cache to have your Wayfinder menu rebuilt.
it's probably your cache - just clear it and you should be fine.