A real quick post on something that stumped me and had me scratching my head last week. A colleague mentioned that when browsing the Production site with ?sc_mode=edit appended to the URL, the site would attempt to redirect the user to the /sitecore/login page. In some cases it would cause an infinite redirect and cause the browser to throw a “redirected too many times” error.
In and of itself, it didn’t cause any security issues – the CM server was only accessible to our internal network and we had followed server hardening best practices and blocked access to the CMS interface on the CD servers (we actually just return a 404 rather than anything specific related to access denied).
We had also correctly followed the guide to configure a CD server, so I was pretty sure it was not related to having missed disabling a file.
So I asked on Slack if it was expected behaviour that appending ?sc_mode=edit would attempt to redirect to the login page on the CD servers; I would have expected it to do nothing. Having then dug a little into the Context code, it turns out there is a setting for this which we had completely overlooked.
One of the most common customizations that I have seen in Sitecore is the addition of custom processors in the httpRequestBegin pipeline, usually to add some custom logic to resolve the context item, maybe to deal with custom URLs or wildcard items. Since this pipeline runs for every single request, there are plenty of reasons to customize here.
Most often, I’ve seen, you plug in after the Sitecore.Pipelines.HttpRequest.ItemResolver processor with whatever your custom requirements are. However, if you are using Sitecore MVC (and I hope you are) then you may find that your custom logic has not been applied and the Sitecore.Context.Item has been reset back to default Sitecore logic.
This has come up a number of times on Slack and caught a few colleagues out. It also caught me out a while back when I was doing some wildcard work with MVC:
In January 2017 I presented at the Sitecore London User Group. Since I work freelance, I don’t have a deck of corporate PowerPoint slides that I need to pimp out for presentation or demos. Apparently those default Microsoft themes are also boring.
So I got round to creating a slide deck. And since I was presenting at a Sitecore user group, why not make it Sitecore themed and make it like the desktop! A couple of people asked for it, so here you go.
Download: Sitecore Presentation Template
I recently got a ping back from Eric Stafford on an old blog article of mine, the first one I had ever posted! He was working on some code and needed to inject in some custom CSS into the Experience Editor. We had several conversations on Slack, and I thought I’d post up some powerful ways in which to achieve this. Be sure to check out Eric’s posts, he’s done a fair amount of research into different ways of achieving this as well.
tl;dr; Ensure you include an Assert.CanRunApplication("/path-to-application") check in your custom application to enforce security.
Have you created any custom applications in Sitecore? Do you use Sitecore Roles to restrict access to those applications?
Often only certain roles should have access to certain pieces of functionality, which is a fairly standard requirement, and a common way to restrict access to applications is to remove Read access to the item in the Core Database.
Take for example the default out-of-the-box Sitecore applications such as the Indexing Manager. Your average author really should not have access to this more developer-centric functionality. And if they did, then nothing too bad could happen, they’d just be able to kick off the re-indexing process. Nothing too bad, but it would be both unexpected and use up server resources for no particular reason.
Following a conversation on the #helix-habitat channel over on Sitecore Slack Chat a few days ago, I thought it would be worth penning a quick post…
A question was asked about “How to organise your CM vs CD config in a Helix Solution”. This was about configs in your specific implementation, not the default Sitecore configs that need to be enabled or disabled for a specific Sitecore environment.
For example, you may have some specific custom pipelines or event handlers that should only run on the CM instance.
Some suggested that these custom configs should be enabled/disabled/modified as part of the deployment process using PowerShell, possibly using an XML file which provides a mapping of files for the environments. This could then be maintained by the developers.
I suggested a different approach, and “tagging” your config nodes to make them easier to patch… The approach was new/unknown to some so I thought I would (re)blog it.
At SUGCON EU 2016 I presented about the different options of using Content Delivery Networks with Sitecore. At the time, I had been working on a particular task to offload large media items into Azure Blob storage and serve them via Azure CDN, and wrote a number of posts detailing how I achieved this.
One of the options that I presented was utilising Azure CDN to serve your media. This allows you to benefit from Azure’s Geo-located Edge Servers, meaning that assets are served from locations closer to your users and your own servers can focus on just delivering content (possibly meaning fewer content delivery servers and licensing costs), as well as improving browser response times by domain sharding the requests.
Use of Azure CDN will work with any version of Sitecore, and is not specific to Sitecore 8.2 Update-1 which added Azure Web Apps support. In fact, you don’t even need to be hosting your servers in Azure to utilise the CDN service.
I’ve been asked by several Sitecorians about configuring CDN, so I thought I would share a step-by-step guide in setting up Azure CDN with Sitecore.
Have you ever had the need to roll back your Sitecore deployments? Or maybe an upgrade went wrong and you need to roll back the changes?
Well you should’ve taken proper backups then, shouldn’t you! Learn your lesson yet? Now go back and add proper back-up steps to your deploy process… Good. Jeez. Shortest blog post ever! Moving on…
The problem with backups is that they take time, which seems to increase exponentially as your Sitecore database increases in size, and an equal heap load of time when you need to restore that database. The other problem with the backup is that it is just a point-in-time restore; what about changes that have happened since that backup took place?
a.k.a “Rendering Wrappers”
tl;dr; MVC HTML Helper and custom CSS styling to add chrome highlighting around renderings in Experience Editor mode.
I presented this module at the Sitecore User Group London on 12th January 2017. You can download the slides for that lightning talk here.
A few months ago I presented Session 4 of the Unofficial Sitecore Training sessions that Akshay “Be My Friend” Sura and Mike “Blog All The Things” Reynolds have been hosting. If you’re new to Sitecore or need a refresher course then I suggest you head on over and watch the videos on the series, there’s some really useful info in there from some seasoned Sitecore developers and gurus.
Anyhow, I decided presenting stuff and virtually pointing things out is hard so I added a fairly early version of some code that we had been using and experimenting with on our current project. This would make it easier to see components in Experience Editor mode and therefore easier for the audience to follow along with what I was doing. Some people noticed this at least 🙂
tl;dr; Install the module, set the config value to match your environment, have a stylised login screen and header bar per environment.
Have you ever sat there working on some task and then suddenly someone asks you to take a look at an issue on the Production environment? So you log onto that server, resolve the issue, get distracted for a few minutes by cat videos and then get back to what you were doing. But you suddenly realise that those changes you were just making were not on your local environment, you still had the Production site open in your browser tab! Oh noes!
The problem is that all the environments look exactly the same… the only difference being that teeny tiny URL bar, and the URL in it probably also looks very similar apart from some environment prefix.