<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 06:05:59 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[MULTISITE-55] Re-evaluate cross site access rules</title>
                <link>https://jira.magnolia-cms.com/browse/MULTISITE-55</link>
                <project id="11086" key="MULTISITE">Magnolia Multisite Module</project>
                    <description>&lt;p&gt;&lt;tt&gt;uri-starts-with-sitename&lt;/tt&gt; rules is mainly there to enable serving all sites when working in an admin instance (where access might indeed happen through one domain) &#8211; identified by the site prefix, e.g. &lt;tt&gt;&lt;a href=&quot;http://www.demo-features.com/demo-project/about/subsection-articles/article.html&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://www.demo-features.com/demo-project/about/subsection-articles/article.html&lt;/a&gt;&lt;/tt&gt; where &lt;tt&gt;demo-project&lt;/tt&gt; identifies the site-name but &lt;tt&gt;www.demo-features.com&lt;/tt&gt; is mapped to the actual &lt;tt&gt;demo-features&lt;/tt&gt; site.&lt;/p&gt;

&lt;p&gt;To evaluate:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Would it make sense to only use this rule in the admin instance?&lt;/li&gt;
	&lt;li&gt;Should we only generate link with this particual site prefix on an admin instance too&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;See related support issue for a thorough description.&lt;/p&gt;

&lt;h5&gt;&lt;a name=&quot;Suggestedsolution&quot;&gt;&lt;/a&gt;Suggested solution&lt;/h5&gt;

&lt;p&gt;We provide an &lt;tt&gt;AdminOnlyMatcher&lt;/tt&gt; that only matches on the author-instance (checking the &lt;tt&gt;ServerConfiguration&lt;/tt&gt;). With the matcher one can limit the evaluation of the problematic rule &lt;tt&gt;uri-starts-with-sitename&lt;/tt&gt; to be active on admin only, preventing cross-site-access via &lt;tt&gt;&amp;lt;sitename&amp;gt;&lt;/tt&gt; prefix on the public instance.&lt;/p&gt;

&lt;h5&gt;&lt;a name=&quot;Notes&quot;&gt;&lt;/a&gt;Notes&lt;/h5&gt;

&lt;p&gt;We do not install this by default as it might prevent the bundle from working on localhost &#8211; as our demo sites and domains might not be fully configured.&lt;/p&gt;

&lt;p&gt;To use this matcher it simply has to be set on the rule &lt;tt&gt;uri-starts-with-sitename&lt;/tt&gt; as an additional matcher. See&lt;br/&gt;
&lt;span class=&quot;image-wrap&quot; style=&quot;&quot;&gt;&lt;a id=&quot;31761_thumb&quot; href=&quot;https://jira.magnolia-cms.com/secure/attachment/31761/31761_multisite_with_adminOnlyMatcher.png&quot; title=&quot;multisite_with_adminOnlyMatcher.png&quot; file-preview-type=&quot;image&quot; file-preview-id=&quot;31761&quot; file-preview-title=&quot;multisite_with_adminOnlyMatcher.png&quot;&gt;&lt;img src=&quot;https://jira.magnolia-cms.com/secure/thumbnail/31761/_thumb_31761.png&quot; style=&quot;border: 0px solid black&quot; role=&quot;presentation&quot;/&gt;&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="47432">MULTISITE-55</key>
            <summary>Re-evaluate cross site access rules</summary>
                <type id="5" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10896&amp;avatarType=issuetype">Sub-task</type>
                            <parent id="45920">MULTISITE-48</parent>
                                    <priority id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/neutral.gif">Neutral</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="1">Fixed</resolution>
                                        <assignee username="pmundt">Philip Mundt</assignee>
                                    <reporter username="pmundt">Philip Mundt</reporter>
                        <labels>
                            <label>documentation</label>
                    </labels>
                <created>Tue, 25 Aug 2015 13:07:25 +0200</created>
                <updated>Mon, 8 Aug 2016 13:32:48 +0200</updated>
                            <resolved>Fri, 29 Jan 2016 14:55:27 +0100</resolved>
                                                    <fixVersion>1.1.4</fixVersion>
                    <fixVersion>1.2.3</fixVersion>
                                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="119955" author="pmundt" created="Mon, 1 Feb 2016 08:23:49 +0100"  >&lt;p&gt;To QA:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Set &lt;tt&gt;AdminOnlyMatcher&lt;/tt&gt; on &lt;tt&gt;uri-starts-with-sitename&lt;/tt&gt; (see attachement of issue)&lt;/li&gt;
	&lt;li&gt;Activate rules&lt;/li&gt;
	&lt;li&gt;Depending on the demo installed (stk vs. travel)
	&lt;ul&gt;
		&lt;li&gt;Setup your &lt;tt&gt;/etc/hosts&lt;/tt&gt; file with given domains (pointing to &lt;tt&gt;127.0.0.1&lt;/tt&gt;)&lt;/li&gt;
		&lt;li&gt;and access sites through given domains (adding the port obviously &#8211; also add this to the domain config)&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;Make sure site are not (cross-) accessible by providing &lt;tt&gt;&amp;lt;sitename&amp;gt;&lt;/tt&gt; in URL&lt;/li&gt;
&lt;/ul&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10160">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                                        </outwardlinks>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="54010">MULTISITE-63</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="47433">MULTISITE-56</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="31761" name="multisite_with_adminOnlyMatcher.png" size="147555" author="pmundt" created="Fri, 29 Jan 2016 11:45:15 +0100"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>magnolia-cms.com</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ajones</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            8 years, 2 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>pmundt</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i05907:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10220" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Release notes required</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10490"><![CDATA[Yes]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10245" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="181">Basel 29</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>