Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

How to overlay /libs/cq/xssprotection/config.xml to project specific.

Avatar

Level 4

Hi, 

 

I need to overlay "/libs/cq/xssprotection/config.xml" to the project and add oembed inserts in config file for iframe in embed component. Since the webpage used in my project is not added to the iframesrc. How can I achieve this?

I added the website here, but still the src was shown in iframe.

"<regexp name="iframesrc" value="^(http:|https:)?\/\/(www\.)?(((youtube|youtube-nocookie|vimeo|player\.vimeo|dailymotion|instagram|tumblr|twitter|wordpress|facebook|wikipedia|stackoverflow)(\.com))|(flickr\.com|flic\.kr))\/([A-Za-z0-9]).*"/>"

 

Thank you

1 Accepted Solution

Avatar

Correct answer by
Level 8

@keerthana_hn  Steps:

  1. Copy "/libs/cq/xssprotection/config.xml" to "/apps/cq/xssprotection/config.xml".
  2. Open "/apps/cq/xssprotection/config.xml" and make your respective changes over here.

It's important that each time you install an AEM upgrade (CFP or SP), to check that your customizations are still valid.

If you have changed  /libs/sling/xss/config.xml to /apps/sling/xss/config.xml a few versions ago, then in the meantime the original file under /libs may have changed while your customized version under /apps did not. It may be completely out of date! 

Here's what you should do: 

  • Identify the changes that were made in the /apps/sling/xss/config.xml file
  • Remove /apps/sling/xss/config.xml
  • Create a new overlay from /libs/sling/xss/config.xml to /apps/sling/xss/config.xml
  • Apply the changes you had made to /apps/sling/xss/config.xml to the new version (if applicable)

Hope this helps!

Thanks 

View solution in original post

2 Replies

Avatar

Correct answer by
Level 8

@keerthana_hn  Steps:

  1. Copy "/libs/cq/xssprotection/config.xml" to "/apps/cq/xssprotection/config.xml".
  2. Open "/apps/cq/xssprotection/config.xml" and make your respective changes over here.

It's important that each time you install an AEM upgrade (CFP or SP), to check that your customizations are still valid.

If you have changed  /libs/sling/xss/config.xml to /apps/sling/xss/config.xml a few versions ago, then in the meantime the original file under /libs may have changed while your customized version under /apps did not. It may be completely out of date! 

Here's what you should do: 

  • Identify the changes that were made in the /apps/sling/xss/config.xml file
  • Remove /apps/sling/xss/config.xml
  • Create a new overlay from /libs/sling/xss/config.xml to /apps/sling/xss/config.xml
  • Apply the changes you had made to /apps/sling/xss/config.xml to the new version (if applicable)

Hope this helps!

Thanks 

Avatar

Community Advisor

Thanks, @shaileshbassi.

Hi @keerthana_hn

 

following the above solution might serve your purpose for sure. However, it is riskier on modifying this particular config. Please go through this Security Document

Thanks,

Sravan