Enforcing HTTPS on Commerce-related pages
There is a processor in the Sitecore.Commerce.XA.Foundation.common.config
configuration file that is part of the <httpRequestBegin>
pipeline, which enforces HTTPS on all Commerce-related pages when running a live storefront. If a visitor tries to use HTTP to access a page that was created with the _CommercePage foundation template, the processor redirects the page to HTTPS.
The pipeline does not enforce HTTPS in the Experience Editor, or if the page was not created with the _CommercePage foundation template.
Configuration
The processor is defined in the Sitecore.Commerce.XA.Foundation.common.config
configuration file as follows:
<httpRequestBegin>
<processor type="Sitecore.Commerce.XA.Foundation.Common.Pipelines.SecuredPageProcessor, Sitecore.Commerce.XA.Foundation.Common"
patch:after="processor[@type='Sitecore.Pipelines.HttpRequest.ItemResolver, Sitecore.Kernel']" />
</httpRequestBegin>
If you do not want to enforce HTTPS on a specific storefront site, you can disable the Enforce SSL field in the Commerce Control Panel settings for the storefront (in /sitecore/Commerce/Commerce Control Panel/Storefront Settings/Storefronts/<storefront name>/Storefront Configuration).
If you do not want to enforce HTTPS on any sites in your installation, you can remove the processor from the configuration file.