diff --git a/CHANGELOG.md b/CHANGELOG.md index 817b9eb69..6e00dac79 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,8 +3,11 @@ 1. [](#new) * Added support for custom `FormFlash` save locations - * Added new configuration option `system.languages.include_default_lang_file_extension` to keep default language in `.md` files if set to `false` +1. [](#improved) + * Use new `Utils::getSupportedPageTypes()` to enforce `html,htm` at the front of the list [#2531](https://github.com/getgrav/grav/issues/2531) 1. [](#bugfix) + * Fixed some potential issues when `$grav['user']` is not set + * Added new configuration option `system.languages.include_default_lang_file_extension` to keep default language in `.md` files if set to `false` * Fixed `.md` page to be assigned to the default language and to be listed in translated/untranslated page list * Fixed `Language::getFallbackPageExtensions()` to append `.md` file after the default language extension diff --git a/system/src/Grav/Common/Data/Blueprint.php b/system/src/Grav/Common/Data/Blueprint.php index 2beeea828..e7037774f 100644 --- a/system/src/Grav/Common/Data/Blueprint.php +++ b/system/src/Grav/Common/Data/Blueprint.php @@ -378,14 +378,12 @@ class Blueprint extends BlueprintForm $grav = Grav::instance(); $actions = (array)$call['params']; - /** @var UserInterface $user */ - if (isset($grav['user'])) { - $user = Grav::instance()['user']; - foreach ($actions as $action) { - if (!$user->authorize($action)) { - $this->addPropertyRecursive($field, 'validate', ['ignore' => true]); - return; - } + /** @var UserInterface|null $user */ + $user = $grav['user'] ?? null; + foreach ($actions as $action) { + if (!$user || !$user->authorize($action)) { + $this->addPropertyRecursive($field, 'validate', ['ignore' => true]); + return; } } } diff --git a/system/src/Grav/Common/GPM/Licenses.php b/system/src/Grav/Common/GPM/Licenses.php index fd0f21c6e..14c925832 100644 --- a/system/src/Grav/Common/GPM/Licenses.php 
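Review bot: In the Blueprint.php hunk, `!$user || !$user->authorize($action)` changes what happens when no user is available, and neither the hunk nor the changelog entry records that this is deliberate. The old `isset($grav['user'])` guard skipped the loop and left the field untouched, while the new code sets `validate.ignore` on it. Failing closed looks like the safer choice for an authorization check, so I would keep it and add a comment above the loop such as `// No user service: treat every action as unauthorized and ignore the field (fail closed).` An empty `$actions` list still leaves the field untouched in both versions. The enclosing method starts above the hunk.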
+++ b/system/src/Grav/Common/GPM/Licenses.php @@ -103,7 +103,7 @@ class Licenses } /** - * Get's the License File object + * Get the License File object * * @return \RocketTheme\Toolbox\File\FileInterface */ diff --git a/system/src/Grav/Common/Language/Language.php b/system/src/Grav/Common/Language/Language.php index b5876f086..cc389dc8f 100644 --- a/system/src/Grav/Common/Language/Language.php +++ b/system/src/Grav/Common/Language/Language.php @@ -234,7 +234,7 @@ class Language } /** - * Get's a URL prefix based on configuration + * Get a URL prefix based on configuration * * @param string|null $lang * @return string diff --git a/system/src/Grav/Common/Page/Medium/ImageMedium.php b/system/src/Grav/Common/Page/Medium/ImageMedium.php index 936f696a9..1925bef81 100644 --- a/system/src/Grav/Common/Page/Medium/ImageMedium.php +++ b/system/src/Grav/Common/Page/Medium/ImageMedium.php @@ -232,7 +232,7 @@ class ImageMedium extends Medium } /** - * Allows the ability to override the Inmage's Pretty name stored in cache + * Allows the ability to override the image's pretty name stored in cache * * @param string $name */ diff --git a/system/src/Grav/Common/Page/Page.php b/system/src/Grav/Common/Page/Page.php index 5da8920cb..8f197d212 100644 --- a/system/src/Grav/Common/Page/Page.php +++ b/system/src/Grav/Common/Page/Page.php @@ -1457,7 +1457,7 @@ class Page implements PageInterface if (is_string($http_accept)) { $negotiator = new Negotiator(); - $supported_types = Grav::instance()['config']->get('system.pages.types', ['html', 'json']); + $supported_types = Utils::getSupportPageTypes(['html', 'json']); $priorities = Utils::getMimeTypes($supported_types); $media_type = $negotiator->getBest($http_accept, $priorities); diff --git a/system/src/Grav/Common/Twig/TwigExtension.php b/system/src/Grav/Common/Twig/TwigExtension.php index 7e596d98a..e5d4fa821 100644 --- a/system/src/Grav/Common/Twig/TwigExtension.php +++ b/system/src/Grav/Common/Twig/TwigExtension.php 
@@ -455,7 +455,7 @@ class TwigExtension extends \Twig_Extension implements \Twig_Extension_GlobalsIn } /** - * Gets a human readable output for cron sytnax + * Gets a human readable output for cron syntax * * @param $at * @return string @@ -1004,10 +1004,10 @@ class TwigExtension extends \Twig_Extension implements \Twig_Extension_GlobalsIn */ public function authorize($action) { - /** @var UserInterface $user */ - $user = $this->grav['user']; + /** @var UserInterface|null $user */ + $user = $this->grav['user'] ?? null; - if (!$user->authenticated || (isset($user->authorized) && !$user->authorized)) { + if (!$user || !$user->authenticated || (isset($user->authorized) && !$user->authorized)) { return false; } @@ -1136,7 +1136,7 @@ class TwigExtension extends \Twig_Extension implements \Twig_Extension_GlobalsIn } /** - * Get's the Exif data for a file + * Get the Exif data for a file * * @param string $image * @param bool $raw diff --git a/system/src/Grav/Common/Uri.php b/system/src/Grav/Common/Uri.php index 0bcba9a8c..16d7fb166 100644 --- a/system/src/Grav/Common/Uri.php +++ b/system/src/Grav/Common/Uri.php @@ -1286,7 +1286,7 @@ class Uri } /** - * Get's post from either $_POST or JSON response object + * Get post from either $_POST or JSON response object * By default returns all data, or can return a single item * * @param string $element @@ -1345,7 +1345,7 @@ class Uri */ public function isValidExtension($extension) { - $valid_page_types = implode('|', Grav::instance()['config']->get('system.pages.types')); + $valid_page_types = implode('|', Utils::getSupportPageTypes()); // Strip the file extension for valid page types if (preg_match('/(' . $valid_page_types . ')/', $extension)) { diff --git a/system/src/Grav/Common/Utils.php b/system/src/Grav/Common/Utils.php index a19373585..d535150fc 100644 --- a/system/src/Grav/Common/Utils.php +++ b/system/src/Grav/Common/Utils.php 
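Review bot: In `Uri::isValidExtension()` the list from `Utils::getSupportPageTypes()` is joined straight into the `preg_match` pattern on the following context line, so a regex metacharacter in a configured `system.pages.types` entry alters the pattern. Because the pattern is unanchored and the helper always prepends `html` and `htm`, any extension that merely contains `htm` now matches whatever the configuration says. Quoting the entries keeps config values literal: `$valid_page_types = implode('|', array_map(static function ($t) { return preg_quote($t, '/'); }, Utils::getSupportPageTypes()));`. Whether the match should also be anchored (`'/^(' . $valid_page_types . ')$/'`) depends on callers outside this hunk, so treat that part as a question. The method body continues past the hunk.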
@@ -28,7 +28,7 @@ abstract class Utils /** * Simple helper method to make getting a Grav URL easier * - * @param string $input + * @param string|object $input * @param bool $domain * @param bool $fail_gracefully * @return bool|null|string @@ -68,11 +68,7 @@ abstract class Utils try { $resource = $locator->findResource("{$parts['scheme']}://{$parts['host']}{$parts['path']}", false); } catch (\Exception $e) { - if ($fail_gracefully) { - return $input; - } else { - return false; - } + return $fail_gracefully ? $input : false; } if ($resource && isset($parts['query'])) { @@ -288,6 +284,24 @@ abstract class Utils return (object)array_merge((array)$obj1, (array)$obj2); } + /** + * Simple function to remove item/s in an array by value + * + * @param $search array + * @param $value string|array + * @return array + */ + public static function arrayRemoveValue(Array $search, $value) + { + foreach ((array) $value as $val) { + $key = array_search($val, $search); + if ($key !== false) { + unset($search[$key]); + } + } + return $search; + } + /** * Recursive Merge with uniqueness * @@ -1070,12 +1084,9 @@ abstract class Utils */ private static function generateNonceString($action, $previousTick = false) { - $username = ''; - if (isset(Grav::instance()['user'])) { - $user = Grav::instance()['user']; - $username = $user->username; - } + $grav = Grav::instance(); + $username = isset($grav['user']) ? $grav['user']->username : ''; $token = session_id(); $i = self::nonceTick(); @@ -1083,7 +1094,7 @@ abstract class Utils $i--; } - return ($i . '|' . $action . '|' . $username . '|' . $token . '|' . Grav::instance()['config']->get('security.salt')); + return ($i . '|' . $action . '|' . $username . '|' . $token . '|' . $grav['config']->get('security.salt')); } /** @@ -1297,7 +1308,7 @@ abstract class Utils } /** - * Get's path based on a token + * Get path based on a token * * @param string $path * @param PageInterface|null $page 
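Review bot: `Utils::arrayRemoveValue()` calls `array_search($val, $search)` without the strict flag and removes only the first match per value. A loosely-equal entry can therefore be removed by mistake (on PHP 7 an integer `0` compares equal to `'html'`), and a duplicated value survives. Passing the flag fixes the first part: `$key = array_search($val, $search, true);`. If every occurrence should go, `return array_diff($search, (array) $value);` does that by string comparison while keeping keys. The docblock also has type and name swapped (`@param $search array`); `@param array $search` and `@param string|array $value` is the usual order, and the `Array` type hint is conventionally lower-case.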
@@ -1534,4 +1545,23 @@ abstract class Utils return $subnet; } + + /** + * Wrapper to ensure html, htm in the front of the supported page types + * + * @param array|null $defaults + * @return array|mixed + */ + public static function getSupportPageTypes(array $defaults = null) + { + $types = Grav::instance()['config']->get('system.pages.types', $defaults); + + // remove html/htm + $types = static::arrayRemoveValue($types, ['html', 'htm']); + + // put them back at the front + $types = array_merge(['html', 'htm'], $types); + + return $types; + } } diff --git a/system/src/Grav/Framework/Collection/AbstractIndexCollection.php b/system/src/Grav/Framework/Collection/AbstractIndexCollection.php index 7299c0961..0e4fae22d 100644 --- a/system/src/Grav/Framework/Collection/AbstractIndexCollection.php +++ b/system/src/Grav/Framework/Collection/AbstractIndexCollection.php @@ -437,7 +437,7 @@ abstract class AbstractIndexCollection implements CollectionInterface } /** - * Implementes JsonSerializable interface. + * Implements JsonSerializable interface. * * @return array */ diff --git a/system/src/Grav/Framework/Collection/ArrayCollection.php b/system/src/Grav/Framework/Collection/ArrayCollection.php index d3a200247..f79ab9614 100644 --- a/system/src/Grav/Framework/Collection/ArrayCollection.php +++ b/system/src/Grav/Framework/Collection/ArrayCollection.php @@ -84,7 +84,7 @@ class ArrayCollection extends BaseArrayCollection implements CollectionInterface } /** - * Implementes JsonSerializable interface. + * Implements JsonSerializable interface. * * @return array */ diff --git a/system/src/Grav/Framework/File/Formatter/YamlFormatter.php b/system/src/Grav/Framework/File/Formatter/YamlFormatter.php index 05b09a515..189626d28 100644 --- a/system/src/Grav/Framework/File/Formatter/YamlFormatter.php +++ b/system/src/Grav/Framework/File/Formatter/YamlFormatter.php 
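Review bot: `Utils::getSupportPageTypes()` hands the config value straight to `arrayRemoveValue(Array $search, ...)`, so a non-array value fails with a TypeError instead of falling back to `html, htm`. That presumably includes the case where `system.pages.types` is unset and no `$defaults` are given, as in the `Uri::isValidExtension()` call. A cast at the read keeps the helper total: `$types = (array) Grav::instance()['config']->get('system.pages.types', $defaults);`. The method also re-adds `html` and `htm` even when an administrator has removed them from the config, which widens what `isValidExtension()` and content negotiation accept; the docblock should say so. The changelog names the method `getSupportedPageTypes()`, which does not match the name defined here.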
@@ -97,7 +97,7 @@ class YamlFormatter extends AbstractFormatter @ini_set('yaml.decode_php', $saved); if ($decoded !== false) { - return $decoded; + return (array) $decoded; } } diff --git a/system/src/Grav/Framework/Flex/Traits/FlexAuthorizeTrait.php b/system/src/Grav/Framework/Flex/Traits/FlexAuthorizeTrait.php index 643004e74..e1b63d966 100644 --- a/system/src/Grav/Framework/Flex/Traits/FlexAuthorizeTrait.php +++ b/system/src/Grav/Framework/Flex/Traits/FlexAuthorizeTrait.php @@ -27,10 +27,10 @@ trait FlexAuthorizeTrait { if (null === $user) { /** @var UserInterface $user */ - $user = Grav::instance()['user']; + $user = Grav::instance()['user'] ?? null; } - return $this->isAuthorizedAction($user, $action, $scope) || $this->isAuthorizedSuperAdmin($user); + return $user && ($this->isAuthorizedAction($user, $action, $scope) || $this->isAuthorizedSuperAdmin($user)); } protected function isAuthorizedSuperAdmin(UserInterface $user): bool
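Review bot: The `(array)` cast on `$decoded` also accepts a scalar or null top-level document, turning `'foo'` into `['foo']` and `null` into `[]`, so a file that holds neither a mapping nor a sequence is returned as if it were valid. If that is intended, a comment such as `// Scalar or empty documents are normalised to an array.` would say so. If not, an `is_array($decoded)` check before returning would let the code after this block handle the file instead. The decode call and whatever follows the `if` are outside the hunk, so this is a question rather than a confirmed defect.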
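Review bot: In the FlexAuthorizeTrait.php hunk the `/** @var UserInterface $user */` annotation above the changed assignment is now stale, because `Grav::instance()['user'] ?? null` can yield null. The Blueprint.php and TwigExtension.php hunks in this commit already use `UserInterface|null`, so I suggest `/** @var UserInterface|null $user */` here too. The `$user &&` guard itself is needed, since `isAuthorizedSuperAdmin(UserInterface $user)` does not accept null. The method docblock is outside this hunk; a line there stating that a missing user is never authorized would make the fail-closed behaviour explicit.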