- Sub-task
- Resolution: Fixed
- Neutral
- None
- Yes
- Basel 29
The uri-starts-with-sitename rule is mainly there to enable serving all sites when working in an admin instance (where access might indeed happen through one domain). The site is identified by the site prefix, e.g. http://www.demo-features.com/demo-project/about/subsection-articles/article.html, where demo-project identifies the site name but www.demo-features.com is mapped to the actual demo-features site.
To evaluate:
- Would it make sense to only use this rule in the admin instance?
- Should we only generate links with this particular site prefix on an admin instance too?
See related support issue for a thorough description.
Suggested solution
We provide an AdminOnlyMatcher that only matches on the author-instance (checking the ServerConfiguration). With the matcher one can limit the evaluation of the problematic rule uri-starts-with-sitename to be active on admin only, preventing cross-site-access via <sitename> prefix on the public instance.
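The effect of gating the rule can be seen in a small model of site resolution. This is an added example, not Magnolia's or the multisite module's code: the rule functions, the rule order (prefix rule before domain rule), the `is_admin_instance` flag standing in for the ServerConfiguration check, and the sample configuration are all assumptions made for illustration.

```python
# Simplified model of site resolution; hypothetical names, not Magnolia's API.
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed sample configuration based on the URL in the description.
DOMAIN_TO_SITE = {"www.demo-features.com": "demo-features"}
SITE_NAMES = {"demo-features", "demo-project"}


@dataclass
class Request:
    host: str
    path: str
    is_admin_instance: bool  # stands in for the ServerConfiguration check

Rule = Callable[[Request], Optional[str]]


def by_domain(req: Request) -> Optional[str]:
    """Pick the site mapped to the requested domain."""
    return DOMAIN_TO_SITE.get(req.host)


def uri_starts_with_sitename(req: Request) -> Optional[str]:
    """Pick the site named by the first path segment, if it is a site name."""
    first = req.path.lstrip("/").split("/", 1)[0]
    return first if first in SITE_NAMES else None


def admin_only(rule: Rule) -> Rule:
    """Additional matcher: evaluate the wrapped rule on the admin instance only."""
    def guarded(req: Request) -> Optional[str]:
        return rule(req) if req.is_admin_instance else None
    return guarded


def resolve_site(req: Request, rules: List[Rule]) -> Optional[str]:
    """Return the site chosen by the first rule that matches (assumed order)."""
    for rule in rules:
        site = rule(req)
        if site is not None:
            return site
    return None


DEFAULT_RULES = [uri_starts_with_sitename, by_domain]
HARDENED_RULES = [admin_only(uri_starts_with_sitename), by_domain]
ARTICLE = "/demo-project/about/subsection-articles/article.html"
```

With `DEFAULT_RULES`, a public request for `ARTICLE` on www.demo-features.com resolves to demo-project; with `HARDENED_RULES` it falls through to the domain mapping, while the admin instance keeps prefix-based resolution.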
Notes
We do not install this by default as it might prevent the bundle from working on localhost – as our demo sites and domains might not be fully configured.
To use this matcher it simply has to be set on the rule uri-starts-with-sitename as an additional matcher. See
- relates to
  - MULTISITE-63 Using site A prefix + node path from site B passes CrossSite filter (Closed)
  - MULTISITE-56 Inline rich text links don't necessarily work on public instances (Closed)