A real quick post on something that stumped me and had me scratching my head last week. A colleague mentioned that when browsing the Production site with ?sc_mode=edit appended to the URL, the site would attempt to redirect the user to the /sitecore/login page. In some cases it would cause an infinite redirect and cause the browser to throw a “redirected too many times” error.
In and of itself, it didn’t cause any security issues – the CM server was only accessible to our internal network and we had followed server hardening best practices and blocked access to the CMS interface on the CD servers (we actually just return a 404 rather than anything specific related to access denied).
We had also correctly followed the guide to configure a CD server, so I was pretty sure it was not related to having missed disabling a file.
So I asked on Slack if it was expected behaviour that appending ?sc_mode=edit would attempt to redirect to the login page on the CD servers; I would have expected it to do nothing. Having then dug a little into the Context code, it turns out there is a setting for this which we had completely overlooked.