Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Neutral
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.1.4, 1.2.3
    • Labels:
    • Release notes required:
      Yes
    • Sprint:
      Basel 29
    • Magnolia Release:
      5.3.13, 5.4.5

      Description

      The uri-starts-with-sitename rule is mainly there to enable serving all sites when working in an admin instance (where access might indeed happen through one domain), with the site identified by the site prefix, e.g. http://www.demo-features.com/demo-project/about/subsection-articles/article.html where demo-project identifies the site name but www.demo-features.com is mapped to the actual demo-features site.

      To evaluate:

      • Would it make sense to only use this rule in the admin instance?
      • Should we also generate links with this particular site prefix only on an admin instance?

      See related support issue for a thorough description.

      Suggested solution

      We provide an AdminOnlyMatcher that matches only on the author instance (checking the ServerConfiguration). With the matcher, one can limit evaluation of the problematic rule uri-starts-with-sitename to the admin instance only, preventing cross-site access via the <sitename> prefix on the public instance.
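
      The effect of the extra matcher on site resolution, as an added example that is not Magnolia's or the site module's own code. The class and method names, the www.demo-project.com domain and the domain-mapping fallback are assumptions made for this self-contained model; only the rule name, the example URL and the two site names come from the issue.

```java
import java.util.Map;

// Self-contained model of the rule evaluation described in this issue.
// Not Magnolia API: all names below are hypothetical.
public class SitePrefixRuleDemo {
    // Constructed sample configuration: site name -> mapped domain.
    static final Map<String, String> SITE_DOMAINS = Map.of(
            "demo-features", "www.demo-features.com",
            "demo-project", "www.demo-project.com");

    // Models uri-starts-with-sitename: the first path segment names the site.
    static String siteFromPrefix(String path) {
        String[] parts = path.split("/");
        // parts[0] is empty because the path starts with "/".
        return parts.length > 1 && SITE_DOMAINS.containsKey(parts[1]) ? parts[1] : null;
    }

    // Assumed fallback rule: resolve the site from the request's host name.
    static String siteFromDomain(String host) {
        for (Map.Entry<String, String> e : SITE_DOMAINS.entrySet()) {
            if (e.getValue().equalsIgnoreCase(host)) {
                return e.getKey();
            }
        }
        return null;
    }

    // adminOnly: the admin-only matcher is set on the prefix rule.
    // isAdmin:   what the instance's server configuration reports.
    static String resolveSite(String host, String path, boolean isAdmin, boolean adminOnly) {
        boolean prefixRuleActive = !adminOnly || isAdmin;
        if (prefixRuleActive) {
            String site = siteFromPrefix(path);
            if (site != null) {
                return site; // the prefix wins over the domain mapping
            }
        }
        return siteFromDomain(host);
    }

    public static void main(String[] args) {
        String host = "www.demo-features.com";
        String path = "/demo-project/about/subsection-articles/article.html";
        System.out.println("public, no matcher:   " + resolveSite(host, path, false, false));
        System.out.println("public, with matcher: " + resolveSite(host, path, false, true));
        System.out.println("admin, with matcher:  " + resolveSite(host, path, true, true));
    }
}
```

      Without the matcher, the public instance resolves the request to the site named in the prefix even though the domain is mapped to a different site; with it, only the admin instance honours the prefix.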

      Notes

      We do not install this by default as it might prevent the bundle from working on localhost – as our demo sites and domains might not be fully configured.

      To use this matcher it simply has to be set on the rule uri-starts-with-sitename as an additional matcher. See

              People

              • Assignee:
                pmundt Philip Mundt
                Reporter:
                pmundt Philip Mundt