SSL Enforced Not Redirecting Homepage if Not Explicitly Set #2612
Description
Description of bug
With a DNN 9.2.2 website configured with SSL Enabled, and SSL Enforced, and all pages set to "Secure", proper redirects are created for all pages, except for the naked loaded domain for the homepage of the site. Clicking a "Home" link or otherwise on the menu moves the site to HTTPS.
Steps to reproduce
- Ensure the site is configured with "SSL Enabled" and "SSL Enforced" turned on
- Validate that under "Site Settings", "Site Behavior", "Default Pages" that nothing is set for the homepage
- Ensure that the site homepage is set to "Secure"
- Navigate to the website, entering only the domain ex. http://www.mysite.com
- Notice that the page loads, but as HTTP, click the link in your skin to load the homepage, or click the logo to load the homepage and notice the swap to HTTPS.
6, Edit the Site Settings to set your homepage as the homepage - Retry step 4 from above and notice HTTPS.
Current result
The current result is a display of the site without HTTPS
Expected result
The website should be respecting the IsSecure flag and show via HTTPS only, with, or without an explicit homepage set if the page that is loaded is secure
Additional context
This has been recreated on multiple 9.2.2 installations
Affected version
- 9.2.2
Affected browser
- Chrome
- Firefox
- Safari
- Internet Explorer
- Edge