AdobeDocs / experience-manager-cloud-service.en

This is the repository for Adobe Experience Manager as a Cloud Service documentation. Your contributions to the documentation are welcome.
https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service
MIT License

Add reference to the dispatcher security checklist #215

Open rnituadobe opened 2 days ago

rnituadobe commented 2 days ago

Issue in ./help/implementing/dispatcher/validation-debug.md

Hello,

Several customers have reported that the default_filters of the dispatcher present potential security breaches by exposing any .css resource - [1]. Although the documentation mentions that it is not mandatory to use the default filters, there may be customers who have standard projects that probably include default filters first to not redefine rules like rule /001.

Therefore, it would be a good idea to add advice for the customers to secure their websites according to the security checklist [2]. So maybe a reference to the security checklist is a good addition to this documentation.

[1] https://github.com/adobe/aem-project-archetype/blob/ea27d77022fb19250492ea04c3ed971ac60adb4e/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any#L25

[2] https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/getting-started/security-checklist

raimanS commented 2 days ago

@rnituadobe Thank you. We will investigate.

raimanS commented 2 days ago

@adobe export issue to Jira project CQDOC

github-jira-sync-bot commented 2 days ago

:white_check_mark: Jira issue CQDOC-22168 is successfully created for this GitHub issue.