Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

Remove editor screen from publish instance

Avatar

Level 2

Hello All,

I have created one site and published it into the publish server.

but if i give editor.html the URL I can edit the page..

So how can I remove or restrict a user to edit page or template in publish instance.

Thank you

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

That is still possible, but unless if you are logged in, you cannot edit the page.

If you follow the AEM security checklist, it lists some URLs which should be blocked on the dispatcher level to prevent exactly this usecase.

View solution in original post

8 Replies

Avatar

Community Advisor

Can you first check if your server is running in publish instance or not?

you can check it under

system/console then click on status and Sling settings.

check the Run modes there. if it is an author or publisher.

~ Prince

Avatar

Level 2

Hello Prince,

Thank you for response I have checked and it looks like

Apache Sling Settings

Sling ID = f3541358-985d-403e-91e3-031107636d30

Sling Name = Instance f3541358-985d-403e-91e3-031107636d30

Sling Description = Instance with id f3541358-985d-403e-91e3-031107636d30 and run modes [s7connect, crx3, samplecontent, publish, crx3tar]

Sling Home = D:\projects\AEM Demo Site\publish-server\crx-quickstart

Sling Home URL = file:/D:/projects/AEM%20Demo%20Site/publish-server/crx-quickstart/

Run Modes = [s7connect, crx3, samplecontent, publish, crx3tar]

AEM Instance in publish mode.

What other configuration require ?

Avatar

Level 10

I'm able to reproduce this behavior in 6.4.3 but I'm not sure if it is expected or a bug.

http://localhost:4503/editor.html/content/we-retail/us/en.html displays the "Edit" mode but doesn't load the Editor layer on page and each component hence the components are not editable irrespective of authenticated vs unauthenticated users on publish server.

Avatar

Level 2

Yes gauravb41175071

I have also gone through the WE-Retail Site

yes  you are right

we-retail site content is not editable at publish instance.

So do you have any idea how can we hide editor console from publish instance?

Avatar

Community Advisor

Can you please check in configMgr. WCM filter. what is the value there?

disabled or edit ?

Avatar

Level 2

Hi tirthtimaniya

If you are on publisher make sure that /system/console/configMgr/com.day.cq.wcm.core.WCMRequestFilter is in "Disabled" mode.

Regards,

Sumeet

Avatar

Correct answer by
Employee Advisor

That is still possible, but unless if you are logged in, you cannot edit the page.

If you follow the AEM security checklist, it lists some URLs which should be blocked on the dispatcher level to prevent exactly this usecase.

Avatar

Level 2

sumeetc5738183​ Thank you  brother. I saw it is in disable mode but what if I want to delete that?

Right now if I go to editor.html it will not allow me to edit content just like we-retail site but what If I want to disable or remove it?

as far as I get to know that if I am not logged in into CRX I wont be able to hit editor.html URL.

Anyways thank you for the response