Disable Edit and Preview Modes on your CD servers

A real quick post on something that stumped me and had me scratching my head last week. A colleague mentioned that when browsing the Production site with ?sc_mode=edit appended to the URL then the site would attempt to redirect the user to /sitecore/login page. In some cases it would cause an infinite redirect and cause the browser to throw a “redirected too many times error”.

In and of itself, it didn’t cause any security issues – the CM server was only accessible to our internal network and we had followed server hardening best practices and blocked access to the CMS interface on the CD servers (we actually just return a 404 rather than anything specific related to access denied).

We had also correctly followed the guide to configure a CD server so was pretty sure it was not related to having missed disabling a file.

So I asked on Slack if it was expected behaviour that appending ?sc_mode=edit would attempt to redirect to login page on the CD servers, I would have expected it to do nothing. Having then dug a little into the Context code, turns out there is a setting for this which we had completely overlooked.

Read More

Resolving Custom Context.Item in Sitecore MVC

One of the most common customizations that I have seen in Sitecore is the addition of custom processors in the httpRequestBegin pipeline, usually to add is some custom logic to resolve the context item, maybe to deal with custom URLs or wildcard items. Since this pipeline runs for every single request, there are plenty of reasons to customize here.

Most often I’ve seen , you plug in after the Sitecore.Pipelines.HttpRequest.ItemResolver processor with whatever your custom requirements are. However, if you are using Sitecore MVC (and I hope you are) then you may find that your custom logic has not been applied and the Sitecore.Context.Item has been reset back to default Sitecore logic.

This has come up a number of times on Slack and caught a few colleagues out. It also caught me out a while back when I was doing some wildcard work with MVC:

Read More