Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED
How do we allow post request to CQ from external sites?
wrote...
At CQ you need to custom implement for specific url.
In general AEM relies on web application/server firewall to protect.For your usecase use referrer header-based solution which can either be achieved using mod_rewrite [1] or something more elaborate like mod_security [2] on the webserver tier.
[1] http://www.webmasterworld.com/forum92/3229.htm
[2] http://modsecurity.org/
Hi Sham Thanks you very much for the reply, but in my case as the redirection comes from a payment gate way it is not adding the referrer in request header.
Is it possible to add the referrer header in dispatcher for a particular incoming request ?
wrote...
This is the CORS-problem (Cross-Origin Resource Sharing)
Basically, there are two ways of doing this.
1. Have the external domain use a JSONP and implement that interface. (See http://stackoverflow.com/questions/13893361/access-control-allow-origin-localhost).
2. You can manipulate on the Access-Control-Allow-Origin header in your response. (See https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=...)
Notice that this is not fully supported by all browsers yet.
edit:
I actually realized there is one more way just configuring the Sling Referrer Filter. Use the steps from http://wem.help.adobe.com/enterprise/en_US/10-0/core/administering/crx_security_checklist.html and enter the domains that can post to the Sling Post in the Allowed hosts. I would advice you to not use any external domains that you don't have control over.
/O
Thank you very much Ove Lindstrm , but in my use case the redirection comes from a payment gate way which does not add referrer header, I guess the allowed hosts will map against the referrer header which again will fail.
Related Conversations
