Skip to main content

i4connected Knowledgebase 5.6

Enabling and using HTTP access


If you are using the i4connected application upgraded to version 5.6.8 or higher, check out this article and learn how to enable the possibility to use it with HTTP.

Since version 5.6.8 of i4connected, the application uses the HTTPS protocol, by default. In order to enable and use HTTP access, instead of HTTPS, the system administrator needs to proceed as follows:

  1. Open the Web.config file, under the i4connected API folder.

  2. Comment out the Expect-CT header.

    <!-- Comment out Expect-CT if installation is using http and not https -->        

    <add name="Expect-CT" value="max-age=7776000, enforce, report-uri= &quot;&amp;quot;" />

  3. Next, open the Web.config file, under the i4connected WEB folder.

  4. Comment out the Strict-Transport-Security, Expect-CT, and Content-Security-Policy headers.

    <-- If installation is using http and not https comment out the following headers:

    Strict-Transport-Security, Expect-CT -->        

    <add name="X-Frame-Options" value="DENY" />       

    <add name="Content-Disposition" value="inline" />        

    <!-- Remove 'upgrade-insecure-requests;' from Content-Security-Policy if Portal uses http -->        

    <!-- Comment out 'Content-Security-Policy' if API uses http -->        

    <add name="Content-Security-Policy" value="default-src 'self' https: http:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: http:; style-src 'self' 'unsafe-inline' https: http:; connect-src 'self' wss: https: http:; img-src 'self' data: https: http:" />

  5. In the Database proceed with the following settings:

    1. Open the ClientRedirectUris table and make sure that all your Urls have the https protocol.

    2. Open the ClientPostLogoutRedirectUris table and make sure that all your Urls have the https protocol.