Enforcing HTTPS on Commerce-related pages

Current version: 10.3

There is a processor in the Sitecore.Commerce.XA.Foundation.common.config configuration file that is part of the <httpRequestBegin> pipeline, which enforces HTTPS on all Commerce-related pages when running a live storefront. If a visitor tries to use HTTP to access a page that was created with the _CommercePage foundation template, the processor redirects the page to HTTPS.

Note

The pipeline does not enforce HTTPS in the Experience Editor, or if the page was not created with the _CommercePage foundation template.

Configuration

The processor is defined in the Sitecore.Commerce.XA.Foundation.common.config configuration file as follows:

RequestResponse
<httpRequestBegin>
    <processor type="Sitecore.Commerce.XA.Foundation.Common.Pipelines.SecuredPageProcessor, Sitecore.Commerce.XA.Foundation.Common"
               patch:after="processor[@type='Sitecore.Pipelines.HttpRequest.ItemResolver, Sitecore.Kernel']" />
</httpRequestBegin>

If you do not want to enforce HTTPS on a specific storefront site, you can disable the Enforce SSL field in the Commerce Control Panel settings for the storefront (in /sitecore/Commerce/Commerce Control Panel/Storefront Settings/Storefronts/<storefront name>/Storefront Configuration).

If you do not want to enforce HTTPS on any sites in your installation, you can remove the processor from the configuration file.

Do you have some feedback for us?

If you have suggestions for improving this article,