Issues with Redirects post go-live of multiple sites within the Single instance of Sitecore XMCloud

We have taken live a number of sites that all sit under the single instance of Sitecore XMCloud CMS solution with Netlify (https://www.cimic.com.au/ and all of its group sites i.e. https://www.cpbcon.com.au/, https://www.leightonasia.com/ to name a few). However, after launch we have noticed a number of issues.

I’m summarising these below for us to discuss and identify the root causes of the same, so they can be addressed:

  1. Redirects

a. We have noticed that the sites which have 1 language set, it will at times suddenly redirect the homepage to _site_group depending on the site.
b. We have noticed that for sites where there are 2 or more languages set, it will suddenly redirect to zh-cn as a default to load

With both of the above issues, we just had to do a new release, and then it will start working.

  1. Content Security Policy (CSP)

a. We have added CSP to header in netlify.toml file but it does not reflect on the page. We have followed the guide under Netlify Content-Security-Policy Example

  1. Error Pages

a. Error pages are statically generated, so not sure why they are timing out when loading the same.

As you can appreciate, these issues are causing a lot of noise with the client, and we are keen to iron these out asap. Any inputs/insights into the resolution of these issues will be much appreciated.

Which are those sites?

Could you share an example URL or better yet, a HAR file recording?

Which are these sites?

netlify.toml doesn’t apply to Function generated content like SSR/ISR. This is a documented limitation. Set the correct headers from within your content, or use Edge Functions to add those headers.

Which page is giving this error?

Hi @Hrishikesh,

Our team has managed to find a fix for all of the issues we faced after taking the sites live. They had to change a configuration for one of the Netlify plugins NEXT_DISABLE_NETLIFY_EDGE = true. So disabling this enabled all of the other issues to be resolved.

1 Like

thanks for sharing this with the community.

Hi @SamO,

We have encountered another issue when setting NEXT_DISABLE_NETLIFY_EDGE = true. Any redirects set in the CMS is not getting picked up. We have to hardcode the redirects into the next.config.js file which is our temporary work around for it to work.

We have setup a test site https://feature-allan-test--gleeful-salamander-0c846a.netlify.app/ and setting NEXT_DISABLE_NETLIFY_EDGE = false. All the issues raised by Vidya is back

  1. error page returning function crash error page instead of https://www.cimic.com.au/scsdc. Timeout was increased to 26 seconds on the main site and error still persist until we disable the Netlify Edge.
  2. CSP missing from page
  3. random redirect on homepage - we are not sure what is causing this or how to trigger it.

But redirects set in CMS is working.

Any idea on how to get all these working together?

This should never be used in practical scenarios.

Please share a link of a ddploy with Edge enabled vs disabled along with the path on your website that has this issue so we can compare.

How’s it being set?

What do you mean by random? Does it happen randomly or do you get redirected to random locations, or something else?

How exactly are you setting CMS redirects without next.config.js?

Hi @hrishikesh,

https://feature-allan-test--gleeful-salamander-0c846a.netlify.app/ is the site with Edge enabled. We’ve tested the error page again this morning and it is loading as expected. So we are at a lost on why sometimes it is slow and sometime it load normally.

We have set CSP in next.config.js, but none of these works. We have set CSP in the netlify.toml file and these does not work on ISR pages.

Redirect in next.config.js does not work for us too. Only works when we add them to the netlify.toml file. Redirects setup in Sitecore works when we are using next version 13.4.12 but when we go higher, it doesn’t work ie 13.4.16.

When we first go live with the sites,

  1. For sites that only has 1 language, the hompage will at random redirect to site(sitename) and give a 404 error page because it does not exist. It will never go back to the proper homepage unless we trigger another deployment.
  2. For sites that has 2 languages, the homepage will at random redirect to the other language instead of English. Same as the above, it will not go back to the English language unless we trigger another deployment.

We are not sure if there is a caching somewhere or settings that we miss out that is causing the above issues.

These won’t work on static assets.

This is currently expected.

This is not expected, but I’ve seen this happen in the past and could confirm it’s a bug on our end.

To troubleshoot the problem with random redirects, do you mind providing a HAR file?

@hrishikesh

How can we get the CSP to work for ISR pages? Our understanding is if it is set in the next.config.js header, it should work for ISR pages.

Do you know when the bug for the redirect in next.config.js will be fixed?

We are currently working with the client on deciding with site to use for removing NEXT_DISABLE_NETLIFY_EDGE setting. We will provide the HAR file once we see this happening again.

Yeah, it should. Could you share a URL where it doesn’t?

It’s fixed in the private beta that has been released today.

Hi @hrishikesh,

We have trigger a redeploy again this morning and can confirm that redirect is working now.

As for CSP, you can have a look at https://feature-allan-test--gleeful-salamander-0c846a.netlify.app/ vs https://65a84dac70de3e00080dfcef--gleeful-salamander-0c846a.netlify.app/_next/static/css/02a1cd9205dad749.css when set in netlify.toml file.

Below is what is in the next.config

async headers() {
return [
{
source: “/”,
headers: [
{
key: ‘Strict-Transport-Security’,
value: ‘max-age=31536000; includeSubDomains’
},
{
key: ‘X-XSS-Protection’,
value: ‘1; mode=block’
},
{
key: ‘X-Content-Type-Options’,
value: ‘nosniff’
},
{
key: ‘Content-Security-Policy’,
value: ‘default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'none';’
}
]
}
]
},

This one is expected as it’s a static file, so headers for that would have to be set through netlify.toml

This one might be a bug in the current runtime and should be fixed in the upcoming releases.

@hrishikesh Can you let us know when is the next release?

We don’t have a specific day for the release but we will update when we do.

@hrishikesh We have a site that is using Netlify Edge Functions that is redirecting the homepage from https://www.iddtech.com.au/ to https://www.iddtech.com.au/_site_iddtech. The last deployment for this site was 31st Jan and the issue just show up around 5mins ago. Is has been working properly since deployment.

Other sites that we have that is not using Netlify Edge Functions does not have this issue.

Please investigate.

Thanks.

Based on the logs:

it appears that it’s your code handling the redirect? You have added a middleware that says redirect middleware start, so are you sure the redirect is not happening there? We don’t add any such redirect from our end.

Hi @hrishikesh,

What we don’t understand is why the problem gets fix once we trigger another build/deployment with no code changes. Why does it happen after a certain time or request or whatever triggers it.

The Next.js Runtime v5 is dropping in Release Candidate version next week, so I’d recommend trying with that.

1 Like