How to overlay /libs/cq/xssprotection/config.xml to project specific. | Community
Skip to main content
K
Adobe Employee
Keerthana_H_NAdobe Employee
Adobe Employee
July 6, 2022
Solved

How to overlay /libs/cq/xssprotection/config.xml to project specific.

  • July 6, 2022
  • 2 replies
  • 2328 views

Hi, 

 

I need to overlay "/libs/cq/xssprotection/config.xml" to the project and add oembed inserts in config file for iframe in embed component. Since the webpage used in my project is not added to the iframesrc. How can I achieve this?

I added the website here, but still the src was shown in iframe.

"<regexp name="iframesrc" value="^(http:|https:)?\/\/(www\.)?(((youtube|youtube-nocookie|vimeo|player\.vimeo|dailymotion|instagram|tumblr|twitter|wordpress|facebook|wikipedia|stackoverflow)(\.com))|(flickr\.com|flic\.kr))\/([A-Za-z0-9]).*"/>"

 

Thank you

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by ShaileshBassi

@keerthana_h_n  Steps:

  1. Copy "/libs/cq/xssprotection/config.xml" to "/apps/cq/xssprotection/config.xml".
  2. Open "/apps/cq/xssprotection/config.xml" and make your respective changes over here.

It's important that each time you install an AEM upgrade (CFP or SP), to check that your customizations are still valid.

If you have changed  /libs/sling/xss/config.xml to /apps/sling/xss/config.xml a few versions ago, then in the meantime the original file under /libs may have changed while your customized version under /apps did not. It may be completely out of date! 

Here's what you should do: 

  • Identify the changes that were made in the /apps/sling/xss/config.xml file
  • Remove /apps/sling/xss/config.xml
  • Create a new overlay from /libs/sling/xss/config.xml to /apps/sling/xss/config.xml
  • Apply the changes you had made to /apps/sling/xss/config.xml to the new version (if applicable)

Hope this helps!

Thanks 

2 replies

ShaileshBassi
Community Advisor
ShaileshBassiCommunity AdvisorAccepted solution
Community Advisor
July 6, 2022

@keerthana_h_n  Steps:

  1. Copy "/libs/cq/xssprotection/config.xml" to "/apps/cq/xssprotection/config.xml".
  2. Open "/apps/cq/xssprotection/config.xml" and make your respective changes over here.

It's important that each time you install an AEM upgrade (CFP or SP), to check that your customizations are still valid.

If you have changed  /libs/sling/xss/config.xml to /apps/sling/xss/config.xml a few versions ago, then in the meantime the original file under /libs may have changed while your customized version under /apps did not. It may be completely out of date! 

Here's what you should do: 

  • Identify the changes that were made in the /apps/sling/xss/config.xml file
  • Remove /apps/sling/xss/config.xml
  • Create a new overlay from /libs/sling/xss/config.xml to /apps/sling/xss/config.xml
  • Apply the changes you had made to /apps/sling/xss/config.xml to the new version (if applicable)

Hope this helps!

Thanks 

    R
    Adobe Employee
    rahul21Adobe Employee
    Adobe Employee
    November 22, 2023

    Hi @shaileshbassi : I tried overlaying this file, it seems to be working fine on lower environments but file is not getting created in stage/prod. Any other configuration we need to add apart from overlaying this.

    B_Sravan
    Community Advisor
    B_SravanCommunity Advisor
    Community Advisor
    July 6, 2022

    Thanks, @shaileshbassi.

    Hi @keerthana_h_n

     

    following the above solution might serve your purpose for sure. However, it is riskier on modifying this particular config. Please go through this Security Document

    Thanks,

    Sravan

      Terms & ConditionsAccessibility statement

      Loading footer...