SAP Spartacus: Fallback handler if no base site matches URL - spartacus-storefront

We have configured multiple base sites in our setup, with different URL Patterns as matchers (think of "/<country/", where different countries are mapped to different base stores). This works so far. But if a user enters the URL without a country part (for example just "/" as path), it will just show an empty page. The following error will be thrown in the browsers console:
Error: Uncaught (in promise): Error: Error: Cannot get base site config! Current url (https://some-host.example.com/) doesn't match any of url patterns of any base sites.
Is there any way to register a handler to handle this case correctly? e.g. redirect the User to some base site

Related

Why does Apache get a 404 when trying to include SSI from another server?

I have two web sites that produce data that I would like to combine into one web page. Site one (the "main" site) produces most of the web page, and site two contains additional data that I want to include on that page.
I figure the best way would be to use SSI to include data from site two into the web page produced by site one. Apache on site one seems to contact site two properly, but site two returns a 404. If I contact site two directly with a browser, using the exact same URL that site one is using, I get proper data. Why wouldn't Apache on site one get the same data?
I've tried two ways to include the data from site two, one directly and one using a reverse proxy, but neither works. Other (local) SSIs and reverse-proxies work fine on this page. These are the two include lines:
<!--#include virtual="/servertwodata" -->
<!--#include virtual="http://www.servertwo.com/execs/somescript.sh?task=overview" -->
The error that I get in the Apache error log is:
unable to include "http://www.servertwo.com/execs/somescript.sh?task=overview" in parsed file /var/www/html/index.html, subrequest returned 404, referer: http://www.serverone.com/index.html
Does anyone have a clue why Apache on site one would get a 404 from site two, but the exact same URL in a generic browser would get the data fine?
From the documentation:
The value is a (%-encoded) URL-path. The URL cannot contain a scheme or hostname, only a path and an optional query string. If it does not begin with a slash (/) then it is taken to be relative to the current document.
In short: It doesn't support external URLs.
It turns out that reverse proxy does discards any query string that is included as part of the proxypass configuration parameter. I removed the query string from the proxypass parameter and moved it to the SSI include virtual tag, and it no longer gets the 404 from site two.
The response that is put on the web page is scrambled hieroglyphics, but what's causing that is a different question.

Can't update app registered in Microsoft Application Registration Portal

I have an already registered app in the site https://apps.dev.microsoft.com. I want to add another redirect URL but when I tried saving I get this error:
There's a temporary problem
There's a temporary problem with the service. Please try again. If you continue to get this message, try again later.
I have also tried using a different browser and clearing my cache but I still get the error.
I also tried registering a new app and I still get the same error. I have been getting the error for several days now and I was wondering if anybody knows a solution.
Thanks!
There are several restrictions on the format of the redirect URI that is allowed
Currently, apps that are registered in the Application Registration Portal are restricted to a limited set of redirect URI values. The redirect URI for web apps and services must begin with the scheme https, and all redirect URI values must share a single DNS domain. For example, you cannot register a web app that has one of these redirect URIs:
https://login-east.contoso.com
https://login-west.contoso.com
The scenarios that are accepted are when the DNS name matches exactly. Examples:
https://login.contoso.com
https://login.contoso.com/new
https://new.login.contoso.com
See all the v2.0 limitations

Redirect one domain to another on same server using Apache

I have two domains, example.se and example.com, which I'd both like to point to the same server and just presenting different language translations when viewing the site. I'm running Apache and PHP and have set up a default page that takes a GET argument then sets the content to show in either language.
How would I configure this with Apache so that if the user types example.se, he/she would end up with example.com/?lang=se instead, while keeping the .se domain in the url? There's just one page on the site so no need to worry about routing.

WSO2 Identity Server - Cannot Configure Custom Catch-all Exception Page

WSO2 Identity Server 5.0.0
For things such as a 500 errors and anything unforeseen, I'd like to configure my Identity Server instance to have our own branded error page to hide the server technology for security reasons and also just allow the error a little confusion.
At any rate, this no help: https://docs.wso2.com/display/IS500/Customizing+Error+Messages
I tried editing /repository/conf/tomcat/carbon/WEB-INF/web.xml and added the standard way to define an error page for exceptions:
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/NiceError.jsp</location>
</error-page>
and then placed NiceError.jsp in /repository/conf/tomcat/carbon/
So when I make a 500 error reoccurr, things change, but I'm sent to the carbon management console login page. If I decide to login, I get served up with an 405 error like so:
HTTP Status 405 - HTTP method GET is not supported by this URL
type Status report
message HTTP method GET is not supported by this URL
description The specified HTTP method is not allowed for the requested resource.
Apache Tomcat/7.0.55
The URL looks like: https://hostname:9443/NiceError.jsp?sessionDataKey=eabd6c25-7c79-40a9-af87-3cd80a68367e&loginStatus=true
That doesn't help.
How can this kind of thing be setup to work? It can't be hard with the right information. Right? :)
The referred documentation page is to customize error messages for identity related errors as its name sounds. It is not to create custom error pages.
By the way if you need to create custom error page, which is applicable to all web applications in your server instance, you may need to add your error page to web.xml in /repository/conf/tomcat/ directory. It defines default values for all web applications loaded into your instance of Tomcat. As each application get deployed, above file is processed, followed by the /WEB-INF/web.xml deployment descriptor from your own applications.
Thanks

How to Avoid a Mixed-Content Error When Displaying a Search Result?

Question:
How can I include both https: and http: results from a single domain in a Google custom search engine but display any such result in an iframe with a secure parent window?
How It's Structured:
My Google custom search engine currently searches "mydomainname.com/directory/" with the option to "Include all pages whose address contains this URL". It operates on a specific page of the website to search pages within the specified directory. The Link Target set in Websearch Settings is an iframe on the same page as the search bar.
The browser window and the iframe src are both on the same secure domain. And since the search results are all from a directory within the site structure, are all on this same domain as well.
Currently some results appear as "https://..." and some appear "www...". Obviously, this creates a mixed-content error when the browser window is https:// and an attempt is made to display a http:// search result in the iframe.
The results that are http:// will, of course, also work as https:// urls. I do not know what makes a page or file appear in the search results as "www." or "https://" when they all originate from a single secure domain.
The "http://" results appear even if I specify the site to be searched as https://www.mydomainname.com/directory/. I don't want to exclude these results, but I want them to be able to be displayed when browsing the site securely.
The Objective:
So the bottom-line rule that I need to work around is that insecure pages or files cannot be loaded into an iframe on a secure web page. I obviously want users to be able to utilize the https:// site but then I need the search to function in such a way that allows for all possible search results for these users.
The reason I need the results' target to be this iframe is that this is the frame that displays all the content of the web page. The search results work in harmony with the organization of other information. Such that choosing a link from a category in the page's navigation and choosing a search result from the custom search result display the chosen content into the same location, the iframe.
What I've Tried:
I've tried designating https:// specifically in the Google Search Engine (gse) settings and removing : 'http' from the script line gcse.src =(document.location.protocol == 'https:' ? 'https:' : 'http:') + '//cse.google.com/cse.js?cx=' + cx;.
I looked in the script file that it's linking to: http://cse.google.com/cse.js?cx=012685392925564329750:ghl2znnfada but I can't decipher what might need to be changed in it.
In the error log on the console I don't see much to be relevant except for the expected inability to load insecure pages while browsing securely. But there is this that looks like (maybe) it's relevant? though I could be completely wrong because I can't really decipher it either:
Mixed Content: The page at
'https://mydomainname.com/directory/index.php' was loaded over HTTPS,
but requested an insecure script 'http://www.google.com/jsapi?
key=ABQIAAAAdCtw6Xq1Q31YAr7VSQOSvxS5g7WKqCWUBuUdhz3-
rUOumR2saRSPGvey2WjYALW7f5_JzakSL3lAEg'. This request has been blocked;
the content must be served over HTTPS.
Insecure Script from Error Message:
http://www.google.com/jsapi?key=ABQIAAAAdCtw6Xq1Q31YAr7VSQOSvxS5g7WKqCWUBuUdhz3-rUOumR2saRSPGvey2WjYALW7f5_JzakSL3lAEg
Proposed Paths to a Solution:
I am open to any solution methods that may be possible. I have considered several routes but am not sure how to properly execute them or have failed in my attempts to execute them.
Some solutions I thought may work are:
Show all results as https:// links (without excluding any) so that they can be accessed whether on a secure connection to the site or not.
Redirect any links clicked without https:// to be loaded into the iframe as https://
Change something about the pages and files on the server so that they only appear in the search results as https://
Change something about Google's search engine script so it parses all found results as https://
Somehow show links as http:// if browsing non-secure, and https:// if browsing secure *
*I don't know how viable or efficient this would be
The most robust solution is to migrate all your website in https :
use 301 (permanent) redirect from http to https
and activate HSTS (if possible with includeSubdomains)
Google will take a little time to update his index but the HSTS will automatically replace http by https so you should avoid any mixed content issues.