Hi All,
We want to use Assets API to only expose Content Fragments as JSON and not allow Create, update and delete operation.
What is the best way to block these operation? Add DENY rule in dispatcher filter on POST method for /api/assets path or any other options available?
Appreciate inputs.
Thanks.
Views
Replies
Total Likes
Hi @Antony6790
You can block all the request by default and allow only the GET requests with /api/assets path and JSON as the extension.
This will ensure only fetching the asset details/retrieval of asset is allowed whereas rest all operations are blocked.
/0001 { /type "deny" /glob "*"}
/000X #other rules are here for website
/0003 { /type "allow" /method "GET" /url "/api/assets/*" /extension 'json' } #whatever path it is.
Thanks!
Are ACLs on the asset an option?
Views
Likes
Replies
Views
Likes
Replies