I'm having some issues after upgrade AEM 6.5 from SP4 to SP6.( this same issue happened with SP5 and I had to make a rollback and try luck with the SP6 ) , every time that I try to edit or save new content using any component dialog for Touch UI I'm seeing the following exception error in logs ( no errors on console, only in crx/de logs) and no content in JCR is updated. Seems that all the components on my site are not longer able to found the correct path that stores the dialog information on the JCR. But before of the upgrade everything was working correctly for classic and touch ui.
I would like to know if is a typical issue after upgrade, or if someone has any recommendation to fix it:
*ERROR* [186.155.xxx.xx  GET /editor.html/content/comm/bridtest/en-us/.infinity.json HTTP/1.1] libs.cq.gui.components.renderconditions.canmodify.canmodify$jsp Unable to retrieve allowed user actions javax.jcr.RepositoryException: Invalid name or path: /content/comm/bridtest/en-us//jcr:content at org.apache.jackrabbit.oak.jcr.session.SessionContext.getOakPathOrThrow(SessionContext.java:384) [org.apache.jackrabbit.oak-jcr:1.22.4] at org.apache.jackrabbit.oak.jcr.session.SessionImpl.getOakPathOrThrow(SessionImpl.java:150) [org.apache.jackrabbit.oak-jcr:1.22.4] at org.apache.jackrabbit.oak.jcr.session.SessionImpl.access$100(SessionImpl.java:82) [org.apache.jackrabbit.oak-jcr:1.22.4] at org.apache.jackrabbit.oak.jcr.session.SessionImpl$1.performNullable(SessionImpl.java:186) [org.apache.jackrabbit.oak-jcr:1.22.4] at org.apache.jackrabbit.oak.jcr.session.SessionImpl$1.performNullable(SessionImpl.java:182) [org.apache.jackrabbit.oak-jcr:1.22.4] at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performNullable(SessionDelegate.java:242) [org.apache.jackrabbit.oak-jcr:1.22.4] at org.apache.jackrabbit.oak.jcr.session.SessionImpl.getNodeOrNull(SessionImpl.java:182) [org.apache.jackrabbit.oak-jcr:1.22.4]
It is already solved. If you have some /apps/cq/xssprotection or any folder that contains protection rules to prevent injection of malicious code using dialogs on AEM you need to disabled. Those custom scripts could be incompatible with SP6 and on my particular case were blocking JCR node updating using Touch UI dialogs.