When I modify the site evaluation rules I still get valid page links when added in the ckEditor (MULTISITE-48)

[MULTISITE-55] Re-evaluate cross site access rules Created: 25/Aug/15  Updated: 08/Aug/16  Resolved: 29/Jan/16

Status: Closed
Project: Magnolia Multisite Module
Component/s: None
Affects Version/s: None
Fix Version/s: 1.1.4, 1.2.3

Type: Sub-task
Priority: Neutral
Reporter: Philip Mundt
Assignee: Philip Mundt
Resolution: Fixed
Votes: 0
Labels: documentation
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File multisite_with_adminOnlyMatcher.png    
Issue Links:
Relates
relates to MULTISITE-63 Using site A prefix + node path from ... Closed
relates to MULTISITE-56 Inline rich text links don't necessar... Closed
Template:
Release notes required: Yes
Sprint: Basel 29

 Description   

The uri-starts-with-sitename rule is mainly there to enable serving all sites when working in an admin instance (where access might indeed happen through one domain) – identified by the site prefix, e.g. http://www.demo-features.com/demo-project/about/subsection-articles/article.html, where demo-project identifies the site name but www.demo-features.com is mapped to the actual demo-features site.

To evaluate:

  • Would it make sense to only use this rule in the admin instance?
  • Should we only generate links with this particular site prefix on an admin instance too?

See related support issue for a thorough description.

Suggested solution

We provide an AdminOnlyMatcher that only matches on the author-instance (checking the ServerConfiguration). With the matcher one can limit the evaluation of the problematic rule uri-starts-with-sitename to be active on admin only, preventing cross-site-access via <sitename> prefix on the public instance.
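
A simplified model of the behaviour described above, as an added example that is not Magnolia's code and not part of the original ticket: it resolves a site from the domain mapping and from a `<sitename>` path prefix, and shows the effect of limiting the prefix rule to the admin instance. The `www.demo-project.com` domain, the rule order (prefix checked before domain) and all function names are assumptions.

```python
# Simplified model of site resolution; NOT Magnolia's implementation.
# Site names and the demo-features domain come from the ticket; the
# demo-project domain, the rule order and all function names are assumptions.
from urllib.parse import urlsplit

DOMAINS = {  # domain -> site mapping
    "www.demo-features.com": "demo-features",
    "www.demo-project.com": "demo-project",  # constructed domain
}
SITES = set(DOMAINS.values())


def uri_starts_with_sitename(path):
    """Return the site named by the first path segment, or None."""
    first = path.lstrip("/").split("/", 1)[0]
    return first if first in SITES else None


def resolve_site(url, is_admin, admin_only_matcher):
    """Resolve which site serves `url`.

    is_admin           -- what the server configuration reports for this instance
    admin_only_matcher -- True if the prefix rule carries the additional matcher
    """
    parts = urlsplit(url)
    # With the matcher set, the prefix rule is only evaluated on admin.
    prefix_rule_active = is_admin or not admin_only_matcher
    if prefix_rule_active:
        site = uri_starts_with_sitename(parts.path)
        if site:
            return site
    return DOMAINS.get(parts.hostname)


def cross_site_hits(is_admin, admin_only_matcher):
    """List (domain, foreign site) pairs where a <sitename> prefix overrides the domain."""
    hits = []
    for domain, own in DOMAINS.items():
        for other in SITES - {own}:
            url = f"http://{domain}/{other}/about.html"
            if resolve_site(url, is_admin, admin_only_matcher) != own:
                hits.append((domain, other))
    return sorted(hits)
```

An empty result from `cross_site_hits(False, True)` corresponds to the outcome the QA steps check for on a public instance.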

Notes

We do not install this by default as it might prevent the bundle from working on localhost – as our demo sites and domains might not be fully configured.

To use this matcher it simply has to be set on the rule uri-starts-with-sitename as an additional matcher. See



 Comments   
Comment by Philip Mundt [ 01/Feb/16 ]

To QA:

  • Set AdminOnlyMatcher on uri-starts-with-sitename (see attachment of issue)
  • Activate rules
  • Depending on the demo installed (stk vs. travel)
    • Set up your /etc/hosts file with given domains (pointing to 127.0.0.1)
    • and access sites through given domains (adding the port obviously – also add this to the domain config)
  • Make sure sites are not (cross-) accessible by providing <sitename> in the URL
Generated at Mon Feb 12 06:05:59 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.