Cannot deploy CWP 2.0 to test environments

[robbieaverill]

The introduction of silverstripe/cwp-core@cf330de means that dev/build redirects to HTTPS, which prevents it from working.

Reproduce:

• Set SS_ENVIRONMENT_TYPE to test
• Run vendor/bin/sake dev/build

Fix options:

1. Disable YAML configuration introduces in the commit above for test environments
2. Release BUG Prevent canonical URL causing a redirect on CLI unless explicitly enabled silverstripe-framework#8158 in CWP 2.0.1
3. Overload CanonicalURLMiddleware in user code and forward port this fix

The most ideal option here (option 2) is to release CWP 2.0.1 with framework 4.1.2 in it, but this will also bring other changes with it, unless we want to cherry pick and only release this single commit - this isn't a sustainable option though, we already did that for 4.1.1.

Note that we could take option 3 and overload the middleware in CWP only to forward port this fix. This would then be deprecated in CWP 2.1 and configuration for it removed - we could also mark the API as internal very explicitly and then remove it again in CWP 2.1 without as much of a strict semver obligation...

cc @jakedaleweb @chillu @tractorcow

[maxime-rainville]

Silly idea here, but could we just disable ForceSSLPatterns if run from the CLI?

[robbieaverill]

@maxime-rainville yeah that's done in silverstripe/silverstripe-framework#8158 but requires a new recipe to release

[robbieaverill]

Ok have spoken on Slack with @chillu and @sminnee and agreed that the best solution for now is to overload CanonicalURLMiddleware in the cwp/cwp-core module and include the fix in silverstripe/silverstripe-framework#8158, then we can release a CWP 2.0.1 recipe which only differs in in that it contains this fix as well. This means we don't need to wait for a new SS 4.1.x recipe to be released, and don't introduce risk of commits that aren't security tested.

[robbieaverill]

Fixed with silverstripe/cwp-core#36, we'll release a 2.0.1 recipe tomorrow morning