Issue in ./help/screens-cloud/configuring/dispatcher-configurations-screens-cloud.md
Issue: The current Adobe Experience Manager (AEM) Cloud Service documentation for configuring Dispatcher for AEM Screens does not explicitly mention the need to allow access to manifest.json files through the Dispatcher. As a result, customers following the guide may encounter issues where AEM Screens players are unable to download manifest.json files, which are essential for the operation of Screens applications.
Proposed Solution: Update the documentation section on Dispatcher configurations for AEM Screens with an additional filter rule that specifically allows HTTP GET requests for manifest.json files within the /content/screens/* path. This would ensure that AEM Screens players can access the necessary manifest files while maintaining a secure and restrictive Dispatcher configuration.
This rule should be added to the Dispatcher filter rules to specifically target and permit access to manifest.json files required by AEM Screens players, without broadly exposing other JSON files that may be present in the content repository. However, I will defer to the screens experts on this one.
Justification: This change is crucial for the functionality of AEM Screens and enhances security by applying the principle of least privilege. By allowing only the manifest files required for Screens operation, we reduce the surface area for potential security vulnerabilities related to exposing JSON files.
Please consider this proposal for a documentation update to provide clear and secure guidance for AEM Screens customers setting up their Dispatcher configurations.
Issue in ./help/screens-cloud/configuring/dispatcher-configurations-screens-cloud.md Issue: The current Adobe Experience Manager (AEM) Cloud Service documentation for configuring Dispatcher for AEM Screens does not explicitly mention the need to allow access to manifest.json files through the Dispatcher. As a result, customers following the guide may encounter issues where AEM Screens players are unable to download manifest.json files, which are essential for the operation of Screens applications.
Proposed Solution: Update the documentation section on Dispatcher configurations for AEM Screens with an additional filter rule that specifically allows HTTP GET requests for manifest.json files within the /content/screens/* path. This would ensure that AEM Screens players can access the necessary manifest files while maintaining a secure and restrictive Dispatcher configuration.
An example of such a rule could be:
/0203 { /type "allow" /method "GET" /url "*/manifest.json" }
This rule should be added to the Dispatcher filter rules to specifically target and permit access to manifest.json files required by AEM Screens players, without broadly exposing other JSON files that may be present in the content repository. However, I will defer to the screens experts on this one.
Justification: This change is crucial for the functionality of AEM Screens and enhances security by applying the principle of least privilege. By allowing only the manifest files required for Screens operation, we reduce the surface area for potential security vulnerabilities related to exposing JSON files.
Please consider this proposal for a documentation update to provide clear and secure guidance for AEM Screens customers setting up their Dispatcher configurations.