SOLVED

How to overlay /libs/cq/xssprotection/config.xml to project specific.

Hi, 

 

I need to overlay "/libs/cq/xssprotection/config.xml" into the project and add oembed inserts to the config file for the iframe in the embed component, since the webpage used in my project is not added to the iframesrc. How can I achieve this?

I added the website here, but still the src was shown in iframe.

"<regexp name="iframesrc" value="^(http:|https:)?\/\/(www\.)?(((youtube|youtube-nocookie|vimeo|player\.vimeo|dailymotion|instagram|tumblr|twitter|wordpress|facebook|wikipedia|stackoverflow)(\.com))|(flickr\.com|flic\.kr))\/([A-Za-z0-9]).*"/>"

 

Thank you

1 Accepted Solution

Correct answer by
Community Advisor

@keerthana_hn  Steps:

  1. Copy "/libs/cq/xssprotection/config.xml" to "/apps/cq/xssprotection/config.xml".
  2. Open "/apps/cq/xssprotection/config.xml" and make your respective changes over here.

It's important, each time you install an AEM upgrade (CFP or SP), to check that your customizations are still valid.

If you copied /libs/sling/xss/config.xml to /apps/sling/xss/config.xml a few versions ago, then in the meantime the original file under /libs may have changed while your customized version under /apps did not. It may be completely out of date!

Here's what you should do: 

  • Identify the changes that were made in the /apps/sling/xss/config.xml file
  • Remove /apps/sling/xss/config.xml
  • Create a new overlay from /libs/sling/xss/config.xml to /apps/sling/xss/config.xml
  • Apply the changes you had made to /apps/sling/xss/config.xml to the new version (if applicable)

Hope this helps!

Thanks 
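One way to carry out the "identify the changes" step from the accepted answer, and to see what an edited iframesrc pattern newly lets through, as an added example that is not code from this thread or from AEM. The two XML snippets, the host example.org and the sample URLs are constructed; whole-string matching and the use of Python's re in place of Java's regex engine are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, shortened stand-ins for the shipped file and the overlay.
# example.org is a placeholder for the host the project wants to embed.
LIBS_XML = r"""<anti-samy-rules><common-regexps>
  <regexp name="iframesrc" value="^(http:|https:)?\/\/(www\.)?(youtube|vimeo)\.com\/([A-Za-z0-9]).*"/>
  <regexp name="htmlId" value="[a-zA-Z0-9\:\-_\.]+"/>
</common-regexps></anti-samy-rules>"""

APPS_XML = r"""<anti-samy-rules><common-regexps>
  <regexp name="iframesrc" value="^(http:|https:)?\/\/(www\.)?((youtube|vimeo)\.com|example\.org)\/([A-Za-z0-9]).*"/>
</common-regexps></anti-samy-rules>"""

SAMPLE_URLS = [  # constructed test inputs
    "https://www.youtube.com/embed/abc",  # accepted before and after
    "https://example.org/embed/1",        # the host the overlay adds
    "//example.org/widget",               # scheme-relative form
    "https://example.org.other.test/x",   # look-alike host, must stay rejected
    "http://example.org/",                # empty path, must stay rejected
]

def named_regexps(xml_text):
    """Map name -> value for every <regexp> element that defines a pattern."""
    root = ET.fromstring(xml_text)
    return {e.get("name"): e.get("value")
            for e in root.iter("regexp") if e.get("value") is not None}

def overlay_changes(libs_xml, apps_xml):
    """Return {name: (libs_value, apps_value)} where the two files differ.
    None on one side means the pattern is missing from that file."""
    libs, apps = named_regexps(libs_xml), named_regexps(apps_xml)
    return {n: (libs.get(n), apps.get(n))
            for n in sorted(libs.keys() | apps.keys())
            if libs.get(n) != apps.get(n)}

def newly_accepted(libs_value, apps_value, urls):
    """URLs the overlay pattern accepts that the shipped pattern rejects.
    Assumption: whole-string matching; Python's re stands in for Java's."""
    old, new = re.compile(libs_value), re.compile(apps_value)
    return [u for u in urls if new.fullmatch(u) and not old.fullmatch(u)]

if __name__ == "__main__":
    changes = overlay_changes(LIBS_XML, APPS_XML)
    for name, (libs_v, apps_v) in changes.items():
        print(name, "| libs:", libs_v, "| apps:", apps_v)
    print(newly_accepted(*changes["iframesrc"], SAMPLE_URLS))
```

A pattern that appears only on the /libs side (htmlId in this constructed data) is the kind of drift a stale overlay produces; the comparison alone cannot tell drift from a deliberate removal, so each difference still needs a manual look.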

Employee

Hi @ShaileshBassi: I tried overlaying this file. It seems to be working fine on lower environments, but the file is not getting created in stage/prod. Is there any other configuration we need to add apart from overlaying this?

Community Advisor

Thanks, @ShaileshBassi.

Hi @keerthana_hn

 

Following the above solution might serve your purpose for sure. However, modifying this particular config is riskier. Please go through this Security Document.

Thanks,

Sravan