Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

How to overlay /libs/cq/xssprotection/config.xml to project specific.

Avatar

Level 5
Level 5
7/6/22 4:16:04 AM

Hi, 

 

I need to overlay "/libs/cq/xssprotection/config.xml" to the project and add oembed inserts in config file for iframe in embed component. Since the webpage used in my project is not added to the iframesrc. How can I achieve this?

I added the website here, but still the src was shown in iframe.

"<regexp name="iframesrc" value="^(http:|https:)?\/\/(www\.)?(((youtube|youtube-nocookie|vimeo|player\.vimeo|dailymotion|instagram|tumblr|twitter|wordpress|facebook|wikipedia|stackoverflow)(\.com))|(flickr\.com|flic\.kr))\/([A-Za-z0-9]).*"/>"

 

Thank you

Views

1.4K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
7/6/22 4:31:46 AM

@keerthana_hn  Steps:

  1. Copy "/libs/cq/xssprotection/config.xml" to "/apps/cq/xssprotection/config.xml".
  2. Open "/apps/cq/xssprotection/config.xml" and make your respective changes over here.

It's important that each time you install an AEM upgrade (CFP or SP), to check that your customizations are still valid.

If you have changed  /libs/sling/xss/config.xml to /apps/sling/xss/config.xml a few versions ago, then in the meantime the original file under /libs may have changed while your customized version under /apps did not. It may be completely out of date! 

Here's what you should do: 

  • Identify the changes that were made in the /apps/sling/xss/config.xml file
  • Remove /apps/sling/xss/config.xml
  • Create a new overlay from /libs/sling/xss/config.xml to /apps/sling/xss/config.xml
  • Apply the changes you had made to /apps/sling/xss/config.xml to the new version (if applicable)

Hope this helps!

Thanks 

View solution in original post

Views

1.4K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
7/6/22 4:31:46 AM

@keerthana_hn  Steps:

  1. Copy "/libs/cq/xssprotection/config.xml" to "/apps/cq/xssprotection/config.xml".
  2. Open "/apps/cq/xssprotection/config.xml" and make your respective changes over here.

It's important that each time you install an AEM upgrade (CFP or SP), to check that your customizations are still valid.

If you have changed  /libs/sling/xss/config.xml to /apps/sling/xss/config.xml a few versions ago, then in the meantime the original file under /libs may have changed while your customized version under /apps did not. It may be completely out of date! 

Here's what you should do: 

  • Identify the changes that were made in the /apps/sling/xss/config.xml file
  • Remove /apps/sling/xss/config.xml
  • Create a new overlay from /libs/sling/xss/config.xml to /apps/sling/xss/config.xml
  • Apply the changes you had made to /apps/sling/xss/config.xml to the new version (if applicable)

Hope this helps!

Thanks 

Views

1.4K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Employee
Employee
11/22/23 1:21:42 AM
In response to ShaileshBassi

Hi @ShaileshBassi : I tried overlaying this file, it seems to be working fine on lower environments but file is not getting created in stage/prod. Any other configuration we need to add apart from overlaying this.

Views

893

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
7/6/22 9:01:17 AM

Thanks, @ShaileshBassi.

Hi @keerthana_hn

 

following the above solution might serve your purpose for sure. However, it is riskier on modifying this particular config. Please go through this Security Document

Thanks,

Sravan

Views

1.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
How to obtain list of child components models in parent component sling model?

Views

108

Likes

0

Replies

5
Add type="module" to the script tag when AEM introduces JS

Views

72

Likes

0

Replies

2
how to write junit for this code

Views

93

Likes

0

Replies

5
Universal Editor - No Option to Add a New Component

Views

63

Likes

0

Replies

1
Unable to Mock request in slingModel

Views

96

Likes

0

Replies

3