Best way to POST a form from IOS ContentSync app to AEM Servlet

Avatar

Avatar

ameesh_trikha1

Avatar

ameesh_trikha1

ameesh_trikha1

15-11-2016

Use Case - We have a shell IOS app and they content for the app comes from AEM Content Sync. We are introducing couple of forms to be submitted via App, these forms will POST data to a servlet on AEM Publish instance. The POST data contains fields outside the form data, coming form IOS application settings/configurations.

Issue - Sling Referrer Filter blocks the POST from the IOS app.

Possible Solution(s)

1) Use AJAX based POST to Add referrer header

var main_url = "http://www.example1.com"; var referrer = "http://www.example2.com"; $.ajax({ url: main_url, dataType: "json", headers: {'X-Alt-Referer': referrer }, success: function(data){ console.log(data); } });

2) Serve the form from AEM instead of the local content copy created by the ContentSync

What is the recommended approach, I would prefer not to make AEM call to serve the forms; from what I have been told, Apple has strict rules on serving such content in App

View Entire Topic

Avatar

Avatar

Bruce_Lefebvre

Employee

Avatar

Bruce_Lefebvre

Employee

Bruce_Lefebvre
Employee

15-11-2016

Hi Ameesh,

Setting the referrer header in your JS code would be a security issue, so it is not permitted by the browser (or in this case, Cordova container).

You can bypass the Referrer Filter by overriding your app's user agent with a value that does not contain "Mozilla" or "Opera", in effect indicating that these requests are not coming from a browser. Place the following line in your app's config.xml, replacing "Custom User Agent String" with the value you would like to use:

<preference name="OverrideUserAgent" value="Custom User Agent String" />

To see the exact check done by the Sling Referrer Filter, check out the source code here: https://github.com/apache/sling/blob/4df9ab2d6592422889c71fa13afd453a10a5a626/contrib/extensions/sec...