Following the description in https://nightlies.apache.org/wicket/guide/9.x/single.html#_content_security_policy_csp all CSP rules are managed via Application settings (class ContentSecurityPolicySettings). This means it is not possible to add additional rules on the fly dynamically to the Content Security Settings class. For example, if a specific page within the Wicket application wants to add its own specific URL to the whitelist, this has to be done during the initializing phase of the application.
Is there a way to contribute or to add rules to the list of CSP directives (class CSPHeaderConfiguration) per component or page?
What would be the preferred way for doing that?
Thank you.
You can lookup the CSPHeaderConfiguration and modify it:
WebApplication.get().getCspSettings().getConfiguration().get(...).add(key, value)
The settings are evaluated dynamically, so you can add/remove at any time.
Related
We have a need to restrict certain authors access to components.
example: The restricted authors can only add the image and rich text editor components on the page.
The only thing I can think of is denying access to the component (e.g. /apps/myapps/component/xxx).
additional info:
We're using static templates.
restrictions will be applied to a group and then the group will then be given to the restricted users. Currently using Netcentric ACLs to manage this.
Any ideas on how to make it work? Thanks
I am not sure if this can be solved with ACLs.
The only way might be to intercept the request to
/etc/designs/YOUR-PROJECT/DESIGNFILE/_jcr_content.json/
And then manipulate the json structure based on the current user's groups.
Although this will solve the problem, I do not like this kind of solution at all...
HTH anyway.
I'm new to CQ5 and working on a project that deals with refactoring code that uses design dialogs.
Currently, I have a property declared as part of design dialog of my component. It creates a folder in /etc/designs/ for each template my component is used on. Is there a way we can make sure that those property values are stored at one particular configuration in /etc/design(as opposed to multiple)? I need to make sure only one set of configurations is used for all pages that use my component.
Thanks in advance!
Pallavi
The designs are linked to the template and not the whole site.
Hence whenever you configure the component in design mode, the values are stored within the corresponding template under the jcr:content of the configured design page or under /etc/designs/default/jcr:content in case no design is configured.
As far as I know, there is no way to tell AEM to store all the design configurations under one single path, unless you are using absolute paths in your dialog / page configurations.
If you are using multiple templates in your site, there must be one master template (which render global components eg. header/logo/navigation & footer), and all other templates should extend master template to get these global components and change pagelayout for content section.
Saying so, if templates are structured & inherited properly, you should be able to set design dialog property on home page (created using master template) and all internal pages will be able to access those design property OOB. Though child pages (created using other template) can override those design property (if needed for that template) to break inheritance.
I have an TYPO3 installation with two domains. Each domain has its own provider extension and static template file.
Example:
domain1.com -> providerextension1
domain2.com -> providerextension2
Is it possible to hide the fluidcontent FCEs from providerextension1 in domain2.com?
Example from Bootstrappackage (https://github.com/Ecodev/bootstrap_package)
As soon as an extension has included fluidcontent FCEs (like the fluidcontent_bootstrap) it will add these to all domains, also when the TypoScript Configuration is not included.
If I understand the question completely, the answer is no: you cannot in TYPO3 make your TypoScript that is available in the backend, depend on the domain name being used. There is a way to make TypoScript conditions for the frontend output (for example a condition to only add template paths for your provider A when domain is X), but the same is not possible in the backend.
You are of course welcome to add a feature request on our issue tracker - I don't see any immediate problem with a feature to toggle on and off particular provider extensions based on for example a TypoScript setting. But you should keep in mind the limitation mentioned above since it implies that in order to achieve your desired goal you must place each domain record on a page tree of its own and closely manage the TypoScript that controls the available Provider Extensions on each page tree.
Put shortly: even if you get this feature request filled, it may not be the solution you want and you may have to restructure your pages and domains to get where you need to be.
The problem is, that the FCE are defined in the "ext_tables.php" and "ext_localconf.php" and these files are always loaded when the extension is enabled.
You can alter "ext_tables/ext_localconf" with a simple condition like
if($_SERVER['server_name'] == "www.yourdomain.com") {
//init FCEs here
}
You can try to override the template paths for one domain with an empty value or at least a path to an empty directory. Maybe flux is smart enough to ignore empty template paths.
It seems to be quite basic problem, but I still cannot find a nice solution.
I made a component that uses a dialog property.
How could I avoid setting this property for every single page if this component is used also in template?
What I already have tried:
I set name attribute in dialog.xml to absolute path - Component stops working as standalone (dropped into parsys).
Move it to design_dialog.xml - First of all it's conceptually content, so I do not like such move, and again it doeas not make much sense for standalone versions.
Change resource path to absolute, while including in template:
<cq:include path="/content/site/somepage" resourceType="/apps/portal/components/myComponent" />
For the first look it was almost it. Instances included via parsys has it's own path, and Content for template is fetched from single resource... But where to store it, to make template code independent from pages tree structure?
Is there any other nice way to do so? or at least way to improve 3.?
To the original poster, the functionality you are looking for is now supported by Shared Component Properties in ACS AEM Commons (http://adobe-consulting-services.github.io/acs-aem-commons/features/shared-component-properties.html)
Compared to your suggested solutions:
No need for absolute property path required for SCP
Agreed these are "content" properties, so they should be stored as "content" instead of "design". SCP stores these values under the homepage node of a site, making them as genuine of content as any other piece of content.
Agreed that it is bad to have a template hard-coded to a content path of a single site, especially since this makes a multi-site implementation impossible without creating a bunch of templates. SCP does not have this problem, because each site has its own homepage under which the properties are stored.
If I understand correctly, you have a component which may work in two modes:
it may be included statically in the main page renderer via <cq:include>
it may be also dropped into some parsys.
In the first mode component should have some common configuration for all pages and in the second mode it should be configured separately per-instance. The problem is how to create such common configuration.
I think your 3rd solution is perfectly fine assuming that the component configuration is shared by all sites in your CQ instance. At some point it may be too strong assumption, eg. you may have a 3 language branches under /content/site-en, /content/site-fr and /content/site-de and you'd like to make a separate configuration for each branch.
I'd suggest following improvement to the 3rd solution: you may create the shared component under some relative path which will be the same for all pages, like /content/.../configuration/shared-component (where ... may be site1, site2 or site3). Then take first two parts of the current page path, add the /configuration/shared-component suffix and use <cq:include> to include path created in such way.
You may also take a different approach and create a common configuration page referenced by all statically included components. These components may try to find their configuration automatically (via the relative path as above) or they may have a single pathfield that references configuration page.
If you don't like these options (as they assume some site structure or they need some minimal configuration for each component), consider using HierarchyNodeInheritanceValueMap. It allows you to get property from the current resource and if there is no such property, it'll look into the same resource on ancestor pages. Using this you could configure your component just once, in the site root page and inherit configuration across the whole site.
I want to create an admin bundle, that somehow detects other bundles and tries to add them to the menu and to the same RBAC context.
Eg:
AdminBundle defines a route /admin/dashboard, that requires authentication and authorization. There you can see 3 items in the menu, eg: dashboard, config (some config stored in the db), and users (CRUD for users, found in the UserBundle)
Then someone adds a ProductBundle, which deals with CRUD for e-commerce products or something. Somehow, without modifying any code in AdminBundle, we have now a new item 'products', available in the menu in /admin/dashboard
Later on, the products CRUD is no longer needed, so we just delete the ProductBundle, and it automagically disappears from the admin dashboard menu.
How would you go about implementing something like this? Is there any native support for a plugin-like design like this in symfony 2?
I don't know about a full plugin solution but my approach would be:
There is one "master backend" call it MasterAdminBundle for the sake of conversation. This bundle contains a base.html.twig which just helps define the navigation bar of the Administration area and a {% block content %}. It also has some kind of MenuService which displays the menu. I'd have my other bundles register with this service an AdminMenu subclass by way of using the Tag System just as a Voter can register with the Security Context (see here).
In the base.html.twig I'd then likely use an Embedded Controller to render the menu.
Now with this sort of framework in place your other bundles can stay encapsulated by keeping their own admin routes and interfaces:
ProductController would now also have ProductAdminController where you can use a route prefix #Route("/admin") on the class definition. Any routes could then render templates from within the bundle since templates are held under the controller name. Acme\ProductBundle\Resources\views\ProductAdmin\edit_products.html.twig as long as they extend the base.html.twig from MasterAdminBundle and put their content into the content block.
For other things like a dashboard that you wanted to plug other bundles into I'd likely just keep going the same way, create a service in the MasterAdminBundle and use tags to load other classes into it with the data required.
Hope that makes sense, maybe others will have a better solution to this, I'm interested to hear also since this is something I'm trying to tackle at the moment also.