Force SSL option missing in Nop 4.3 ???

Any idea why this is missing in Nop 4.3 ? My page loads the non https version also, this shouldnt happen. What to do ? The option is not there in the general settings area nor all settings either.

Please read the release notes here https://www.nopcommerce.com/en/release-notes
"#4322 Drop "securitysettings.forcesslforallpages" setting"

I noticed that too. I am forcing a redirect to https on NGINX/Linux now. presumably an IIS rewrite/redirect is required on windows IIS.

in store settings i have enabled SSL but because the force ssl option is not there the http version of url is accessible. Client using shared hosting so url rewrite options not available. Any reason why this was dropped ?

here's the work item:

https://github.com/nopSolutions/nopCommerce/issues/4322

Does shared hosting not have a control panel option to force ssl on an individual website?

JonQuick wrote:

Thank You, let me check my hosting properly once more. Im using webwiz shared hosting since it supports .net core 3.1

The hosting cpanel does not seem to have url rewrite option, I'm waiting for their customer care response. If they are unable to do so, then i may have to try url rewrite via Web config file with the below code. Haven't tried if it would work though.

<system.webServer>    
   <rewrite>    
      <rules>    
      <rule name="Force HTTPS" enabled="true">    
   <match url="(.*)" ignoreCase="false"/>    
   <conditions>    
      <add input="{HTTPS}" pattern="off"/>    
   </conditions>    
   <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent"/>    
      </rule>    
      </rules>    
   </rewrite>    
</system.webServer>

Solved !
Okay so i got a reply from their customer care.
They have gone ahead and made the change for me in my webconfig file. Amazing support webwiz hosting has provided and i greatly appreciate help.

They have put the following lines of code into webconfig file to force SSL.

<rewrite>
     <rules>
          <rule name="Allow SSL File Verification" patternSyntax="Wildcard" stopProcessing="true">
               <match url=".well-known/*" />
               <action type="None" />
          </rule>
          <rule name="Redirect to HTTPS" stopProcessing="true">
                 <match url="(.*)" />
                 <conditions>
                     <add input="{HTTPS}" pattern="^OFF$" />
                     <add input="{URL}" pattern="/DefaultWorkflows/.+\.xamlx.*" negate="true" />
                 </conditions>
                 <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
             </rule>
     </rules>
</rewrite>

vote up if you found this helpful.

Good config snippet to know.. thanks for sharing!

Jon

i made the change in webconfig but i get the following error.

HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

Detailed Error Information:
Module     IIS Web Core
Notification     Unknown
Handler     Not yet determined
Error Code     0x8007000d
Config Error    
Config File     \\?\D:\store\Youemexxxxxxxx.com\web.config
Requested URL     http://youemexxxxxxxx.com:80/
Physical Path    
Logon Method     Not yet determined
Logon User     Not yet determined

Config Source:
   -1:
    0: