Open nhirrle opened 1 month ago
https://github.com/adobe/aem-project-archetype/blob/ea27d77022fb19250492ea04c3ed971ac60adb4e/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any#L25
A servlet may be open on publish and should not.
Example: /bin/some-servlet.json.servlet.json/something.js may respond if /bin wasn't blocked afterwards.
Possible solution:
/0011 { /type "allow" /method "GET" /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|png|svg|swf|ttf|woff|woff2)' /suffix "" /method '(GET|HEAD)' }
block at least suffixes.
Please double-check why this rule is even required; it is NOT present in AMS.
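A lint for the pattern this issue describes, as an added example that is not part of the issue or of the archetype: it parses filter rules written in dispatcher `.any` syntax and reports allow rules that match on `/extension` without constraining `/suffix`, plus any property set more than once. The function names are hypothetical, rules /0001, /0010 and /0012 in the sample are constructed, /0011 is the rule quoted above, and the parser assumes flat one-brace rules and does not follow `$include`.

```python
import re

# Constructed sample in dispatcher .any filter syntax. Rule /0011 is the rule
# quoted in the issue; /0001, /0010 and /0012 are made up for illustration.
SAMPLE = r'''
# deny everything first, then allow selectively
/0001 { /type "deny" /url "*" }
/0010 { /type "allow" /method "GET" /extension '(css|js|png)' }
/0011 { /type "allow" /method "GET" /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|png|svg|swf|ttf|woff|woff2)' /suffix "" /method '(GET|HEAD)' }
/0012 { /type "allow" /path "/content/*" /extension "html" /suffix "" }
'''

RULE = re.compile(r'^\s*/(\w+)\s*\{(.*?)\}', re.M | re.S)   # /name { ... }
PROP = re.compile(r'''/(\w+)\s+("[^"]*"|'[^']*')''')        # /key "value" or /key 'regex'


def parse_rules(text):
    """Return [(rule_name, [(property, value), ...])], keeping duplicate properties."""
    text = re.sub(r'^\s*#.*$', '', text, flags=re.M)  # drop comment lines
    return [(name, [(k, v[1:-1]) for k, v in PROP.findall(body)])
            for name, body in RULE.findall(text)]


def audit(text):
    """Flag allow rules that match on /extension but leave /suffix unconstrained."""
    findings = []
    for name, props in parse_rules(text):
        if ("type", "allow") not in props:
            continue  # deny rules cannot open anything up
        keys = [k for k, _ in props]
        if "extension" in keys and "suffix" not in keys:
            findings.append((name, "allow on /extension without /suffix"))
        # A dict-based parser would silently drop one of these, so report them.
        for k in sorted(set(keys)):
            if keys.count(k) > 1:
                findings.append((name, f"property /{k} set {keys.count(k)} times"))
    return findings


if __name__ == "__main__":
    for name, msg in audit(SAMPLE):
        print(f"/{name}: {msg}")
```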