We have moved to GitHub Issues
Created by Anders Brohäll 31 Aug 2016, 10:01:13 Updated by Sebastiaan Janssen 21 Sep 2016, 06:23:46
Is duplicated by: U4-9000
On a site utilizing https, the pingback isn't working as expected under the Security Group. "Error pinging the URL http://www.domain.com:443 - 'The underlying connection was closed: An unexpected error occurred on a receive.'" My guess is cause it uses the http-protocol instead of https.
The affected tests are 'Click-Jacking Protection' and 'Excessive Headers'
It seems like these checks are using the wrong URL. I bet you that when you look at your UmbracoTraceLog you'll see something like this when Umbraco is starting:
INFO Umbraco.Core.Sync.ApplicationUrlHelper - ApplicationUrl: http://www.domain.com:443/umbraco (UmbracoModule request)
Furthermore, I'm guessing you're trying to run your domain on https only?
Can you make sure you have your redirects set up properly: https://cultiv.nl/blog/so-you-want-to-secure-your-umbraco-site/ (scroll down to
HTTPS by default).
Still, it is possible that the very first request to your site comes in over http (without the s) because people don't try https by default, especially if their browser has not visited your site yet.
Finally, if everything seems configured properly then you could set a default url in
umbracoSettings.config. If you look at the ApplicationUrl in the log above, that URL is automatically detected from the first request to the site. You can tell Umbraco, however to always set that to a certain URL in
@umbracoApplicationUrl The url of the Umbraco application. By default, Umbraco will figure it out from the first request. Configure it here if you need anything specific. Needs to be a complete url with scheme and umbraco path, eg http://mysite.com/umbraco. NOT just "mysite.com" or "mysite.com/umbraco" or "http://mysite.com".
Let me know what you find!
It seems like if we see port number 443, we should just assume it's https and change the ApplicationUrl during startup (so in ApplicationUrlHelper as seen in the log).
@anders Did this help at all?
I haven't gotten around to it yet, hopefully i'll be able to go through it this afternoon :)
Ok, so. Except for the initial request (mentioned above) everything goes through HTTPS. The only thing i haven't tried is the umbracoApplicationUrl-setting. How would that work with multiple domains?
It works fine on my https sites yes. But yeah, we'll change Umbraco startup so that when we see port 443, we'll set the scheme to https.
umbracoApplicationUrl is just used for things like scheduled publishing and has no effect on your frontend or routing in general. It's just there in case Umbraco can't figure out the current URL correctly, like in your case.
Unfortunately I can't find a way to reproduce the issue but the following PR should fix it, if the port is 443 then add an "s" to "http" and continue. https://github.com/umbraco/Umbraco-CMS/pull/1481
Marking as re-open @sebastiaan due to the underlying healthcheck for Clickjacking needing to be updated to use HTTPS as needed.
I guess that was actually the only bug, but the fix I did was actually also important (for other reasons!).
Fixed that too now!
Yep all good - fixed :)
Backwards Compatible: True
Affected versions: 7.5.0, 7.5.1, 7.5.2
Due in version: 7.5.4
Sprint: Sprint 42