IMPORTANT: Replace `test.domain.com` with the domain you're using during test execution.
# Preconditions
# the HTTP status code of the page can be seen in the `Network` tab of the web browser inspector
# a domain/protocol combo that is not allowed looks like this:
* with Debug Mode disabled:
  * the page is blank
  * the HTTP 404 error code is sent
* with Debug Mode enabled:
  * the page displays a debugger toolbar and the `The "..." protocol/domain combo is not allowed.` text (the `...` is replaced with the domain/protocol used)
  * the HTTP 404 error code is sent
# used domains:
* `test.domain.com` - base domain for testing
* `sd1-http.test.domain.com` - domain where the 1st site domain can be accessed over the `http://` protocol
* `sd1-https.test.domain.com` - domain where the 1st site domain can be accessed over the `https://` protocol
* `sd2-http.test.domain.com` - domain where the 2nd site domain can be accessed over the `http://` protocol
* `admin1-https.test.domain.com` - domain where the Admin Console can be accessed over https
* `admin2-https.test.domain.com` - domain where the Admin Console can be accessed over https
* `front-https.test.domain.com` - domain where the Front-End can be accessed over https
# Preparations
IMPORTANT: Don't apply the patch yet.
* in any editor:
# open the OS-specific `hosts` file (`C:\Windows\System32\drivers\etc\hosts` on Windows; `/etc/hosts` on macOS/Linux) for editing as Administrator
# add an entry for each of the domains listed above (e.g. if you have an `aaa.bbb.ccc.ddd test.domain.com` entry, then add an `aaa.bbb.ccc.ddd sd1-http.test.domain.com` entry and so on)
# save changes
* in the IDE:
# open the `/system/config.php` file for editing
# set the `$_CONFIG['Misc']['Domain']` setting to the `test.domain.com`
# save changes
# open the `themes/advanced/index.tpl` file for editing
# add the `[Site Domain ID: <inp2:site-domain.current_Field name="DomainId"/>]<br/>` line above the `<inp2:st_ContentBlock num="1"/>` line
# save changes
* in the Admin Console:
1. log in to the Admin Console by accessing it on the `test.domain.com` domain over `http://` protocol
2. go to the {nav Configuration > Website > Advanced} section
3. clear these system settings:
* `SSL Domain (www.domain.com)`
* `SSL Domain for Administrative Console (www.domain.com)`
4. uncheck these system settings:
* `Require SSL for login & checkout`
* `Require SSL for Administrative Console`
5. set the `Session Cookie Domains (single domain per line)` system setting to this value (multi-line):
```
test.domain.com
admin1-https.test.domain.com
admin2-https.test.domain.com
front-https.test.domain.com
```
6. save changes
7. go to the {nav Configuration > Website > Site Domains} section
8. add 1st site domain with `Domain Name=sd1-http.test.domain.com` and `SSL Domain Name=sd1-https.test.domain.com`
9. add 2nd site domain with `Domain Name=sd2-http.test.domain.com`
10. log out of the Admin Console
11. delete all cookies
* apply the patch
# Part 1 - access Admin Console over SSL, when it's not configured
# open the Admin Console login screen using `test.domain.com` and `http://` protocol
# confirm that:
* domain/protocol combo is **allowed**
* you're on the Admin Console login screen
# open the Admin Console login screen using `test.domain.com` and `https://` protocol
# confirm that domain/protocol combo is **forbidden**
# Part 2 - access Admin Console over SSL, when it's configured
# open the Admin Console login screen using `test.domain.com` and `http://` protocol
# go to the {nav Configuration > Website > Advanced} section
# set `SSL Domain for Administrative Console (www.domain.com)` system setting to the `admin1-https.test.domain.com`
# save changes
# confirm that you stayed on the same page (the settings page)
# log out
# confirm that:
* you stayed on the same domain/protocol
* you see the Admin Console login screen
* you stayed on the `admin1-https.test.domain.com` domain and `http://` protocol
# try changing the domain in the URL to `admin1-https.test.domain.com`, but keep the protocol as-is (`http://`)
# confirm that domain/protocol combo is **forbidden**
# try changing the protocol in the URL to `https://`, but keep the domain as-is (`admin1-https.test.domain.com`)
# confirm that you see the login screen
# Part 3 - changing Admin Console SSL domain
# open the Admin Console login screen using `admin1-https.test.domain.com` and `https://` protocol
# go to the {nav Configuration > Website > Advanced} section
# set `SSL Domain for Administrative Console (www.domain.com)` system setting to the `admin2-https.test.domain.com`
# save changes
# confirm that:
* you stayed on the same protocol
* you see the Admin Console login screen
* you were redirected to the `admin2-https.test.domain.com` domain and stayed on the `https://` protocol
# open the Admin Console login screen using `admin1-https.test.domain.com` and `https://` protocol
# confirm that domain/protocol combo is **forbidden**
# Part 4 - dual (http & https) site domain access checking
# open the `sd1-https.test.domain.com` using `https://` protocol
# confirm that:
* domain/protocol combo is **allowed**
* you're seeing `[Site Domain ID: 1]` text (replace `1` with ID of 1st created site domain)
# open the `sd1-https.test.domain.com` using `http://` protocol
# confirm that domain/protocol combo is **forbidden**
# open the `sd1-http.test.domain.com` using `http://` protocol
# confirm that:
* domain/protocol combo is **allowed**
* you're seeing `[Site Domain ID: 1]` text (replace `1` with ID of 1st created site domain)
# open the `sd1-http.test.domain.com` using `https://` protocol
# confirm that domain/protocol combo is **forbidden**
# Part 5 - single (http) site domain access checking
# open the `sd2-http.test.domain.com` using `http://` protocol
# confirm that:
* domain/protocol combo is **allowed**
* you're seeing `[Site Domain ID: 2]` text (replace `2` with ID of 2nd created site domain)
# open the `sd2-http.test.domain.com` using `https://` protocol
# confirm that domain/protocol combo is **forbidden**
# Part 6 - single (http) main website access checking
# open the `test.domain.com` using `http://` protocol
# confirm that:
* domain/protocol combo is **allowed**
* you're seeing `[Site Domain ID: 0]` text
# open the `test.domain.com` using `https://` protocol
# confirm that domain/protocol combo is **forbidden**
# Part 7 - dual (http & https) main website access checking
# open the Admin Console login screen using `test.domain.com` and `http://` protocol
# go to the {nav Configuration > Website > Advanced} section
# set `SSL Domain (www.domain.com)` system setting to the `front-https.test.domain.com`
# save changes
# log out
# open the `test.domain.com` using `http://` protocol
# confirm that:
* domain/protocol combo is **allowed**
* you're seeing `[Site Domain ID: 0]` text
# open the `front-https.test.domain.com` using `https://` protocol
# confirm that:
* domain/protocol combo is **allowed**
* you're seeing `[Site Domain ID: 0]` text
# open the `front-https.test.domain.com` using `http://` protocol
# confirm that domain/protocol combo is **forbidden**
# Part 8 - front-end SSL domain used in admin
# open the Admin Console login screen using `test.domain.com` and `http://` protocol
# go to the {nav Configuration > Website > Advanced} section
# set `SSL Domain (www.domain.com)` system setting to the `front-https.test.domain.com`
# clear `SSL Domain for Administrative Console (www.domain.com)` system setting
# save changes
# log out
# open the Admin Console login screen using `front-https.test.domain.com` and `https://` protocol
# confirm that:
* domain/protocol combo is **allowed**
* you see the login screen
# open the Admin Console login screen using `front-https.test.domain.com` and `http://` protocol
# confirm that domain/protocol combo is **forbidden**
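
The Preconditions rule for recognising a rejected combo, applied to the front-end expectations of Parts 4-6, can be scripted as below. This is an added example, not part of the original test plan or the patch: the names `classify`, `failures`, `ALLOWED_SCHEME`, `EXPECTED` and `SAMPLE` are chosen here, and the sample responses (including the text inside the quotes of the debug message) are constructed.

```python
import re

# Debug Mode rejection text from the Preconditions; "..." is the offending combo.
REJECT_RE = re.compile(r'The "[^"]*" protocol/domain combo is not allowed\.')

def classify(status, body):
    """Map one recorded response to 'allowed', 'forbidden' or 'inconclusive'."""
    if status == 404:
        # Debug Mode off: blank page. Debug Mode on: toolbar plus rejection text.
        if not body.strip() or REJECT_RE.search(body):
            return "forbidden"
        return "inconclusive"  # ordinary "not found" page, not the combo check
    if 200 <= status < 300:
        return "allowed"
    return "inconclusive"  # redirects, server errors, missing records

# The one scheme each host accepts in Parts 4-6; the other scheme is forbidden.
ALLOWED_SCHEME = {
    "sd1-https.test.domain.com": "https",
    "sd1-http.test.domain.com": "http",
    "sd2-http.test.domain.com": "http",
    "test.domain.com": "http",
}
EXPECTED = {f"{s}://{h}": "allowed" if s == ok else "forbidden"
            for h, ok in ALLOWED_SCHEME.items() for s in ("http", "https")}

# Constructed sample records (status, body); not taken from a real run.
BLANK = (404, "")
DEBUG = (404, '<div id="debugger"></div>The "https://sd1-http.test.domain.com" '
              'protocol/domain combo is not allowed.')
SAMPLE = {
    "http://sd1-https.test.domain.com": BLANK,
    "https://sd1-https.test.domain.com": (200, "[Site Domain ID: 1]<br/>"),
    "http://sd1-http.test.domain.com": (200, "[Site Domain ID: 1]<br/>"),
    "https://sd1-http.test.domain.com": DEBUG,
    "http://sd2-http.test.domain.com": (200, "[Site Domain ID: 2]<br/>"),
    "https://sd2-http.test.domain.com": (200, "[Site Domain ID: 2]<br/>"),  # regression
    "http://test.domain.com": (200, "[Site Domain ID: 0]<br/>"),
    "https://test.domain.com": (404, "<h1>Page not found</h1>"),  # not the combo check
}

def failures(observations):
    """Return (origin, expected, got) for each origin that deviates from the plan."""
    out = []
    for origin, want in EXPECTED.items():
        got = classify(*observations.get(origin, (0, "")))
        if got != want:
            out.append((origin, want, got))
    return out
```

A 404 that carries ordinary page content is reported as `inconclusive` rather than `forbidden`, because the plan defines a rejection as a blank page or the debug message, not as any 404.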