Details
-
Improvement
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
None
-
None
-
0.25
-
Flagged
-
Quasar
-
Puma Sprint 232, Puma Sprint 238
Description
Functional
As a developer
when I add custom resources, like images or a frontend application, to the cms artifact
and the path of these resources is not available ( because the path is not part of the allowedPaths of the NavAppRedirectFilter )
then I can add it to a custom allowedPaths filter parameter in my project.
See comment-576712 for a typical scenario.
Technical
At the moment, only hardcoded white list of paths are taken into account, any user defined resource will be intercept by the filter.
This is also not documented at all I believe.
Move whitelist to filter parameter in web-fragment.xml or web.xml
Only add an additional filter parameter in exceptional use cases. CMS-13356 already takes care of the most common use cases.
Only add an additional white listed path if:
- the path of the resource is not not covered by the hardcoded whitelist; and
- the request url of the resource does not have the iframe request parameter ( request from the top window ); and
- it's a get request
- the resource path is not a path of a application that is loaded by the navigation application.
A valid use case would be a custom Login plugin that loads an image from a custom location.
See org.hippoecm.frontend.filter.NavAppRedirectFilter#shouldRedirectToCMS.