Expand my Community achievements bar.

SOLVED

AEM dispatcher post method configurations

Avatar

Level 1

Hi All,

I would like to refine the post method configuration on dispatcher filters. So ,the idea is to block all the post methods in my repository on adding the below condition.

//001 {/type "deny" /method "POST" /url "/content*"}

The above filter blocks the entire post methods present in my content content . So ,I need to allow only the required post methods present on my project.

//002 {type "allow" /method "POST" url "/content/[.]*.html"}

Adding on the above filter would be allowing the required post method with html selectors. So, whether the above //002 filter is sufficient to allow all the content paths with post servlet calls without any blockage

Kindly suggest on the above and your ideas on allowing the post calls

Thanks.

 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

yes, that should work.

Please see this

https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-c...

 

Example Filter: Enable POST Requests

The following example filter allows submitting form data by the POST method:

/filter {
    /0001  { /glob "*" /type "deny" }
    /0002 { /type "allow" /method "POST" /url "/content/[.]*.form.html" }
}

View solution in original post

4 Replies

Avatar

Community Advisor

Hi,

you can create your servlet with some selectors and allow only those selector requests to avoid other open post request url as well from your project. Though I am not sure about your use case.



Arun Patidar

Avatar

Correct answer by
Community Advisor

yes, that should work.

Please see this

https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-c...

 

Example Filter: Enable POST Requests

The following example filter allows submitting form data by the POST method:

/filter {
    /0001  { /glob "*" /type "deny" }
    /0002 { /type "allow" /method "POST" /url "/content/[.]*.form.html" }
}

Avatar

Level 2

Thanks suresh .

But my question is it would not be blocking the post method servlet calls other than form data.

Avatar

Community Advisor

As mention by @arunpatidar , it is better to use selectors and enable it -

 

/0063 { /type "allow" /url "POST /content/[.]*.commerce.cart.json" } # allow POSTs to update the shopping cart