From 67351fad34922bb8e8fe4297c2e4813f1ad7776f Mon Sep 17 00:00:00 2001
From: dgurjar
Date: Mon, 21 Oct 2024 12:11:24 +0530
Subject: [PATCH 1/2] Add filter for post url of HTML5 forms in dispatcher
---
 .../src/conf.dispatcher.d/filters/default_filters.any | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any b/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any
index e1aa7229c..0ec1af5cc 100644
--- a/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any
+++ b/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any
@@ -29,7 +29,7 @@ # Enable basic features
 /0013 { /type "allow" /method "GET" /url '/libs/granite/csrf/token.json' /extension 'json' } # AEM provides a framework aimed at preventing Cross-Site Request Forgery attacks
-/0014 { /type "allow" /method "POST" /url "/content/*.form.html" } # allow POSTs to form selectors under content
+/0014 { /type "allow" /method "POST" /url "((/content/*.form.html)|(/content/xfaforms/profiles/default.submit.html))" } # allow POSTs to form selectors under content
 /0015 { /type "allow" /method "GET" /path "/libs/cq/personalization" } # enable personalization
 /0016 { /type "allow" /method "POST" /path "/content/*.commerce.cart.json" } # allow POSTs to update the shopping cart
From a8dd2f17b575acc26594dfd6993e01b75fe44bd1 Mon Sep 17 00:00:00 2001
From: dgurjar
Date: Mon, 21 Oct 2024 12:13:09 +0530
Subject: [PATCH 2/2] Add filter for post url of HTML5 forms in dispatcher
---
 .../src/conf.dispatcher.d/filters/default_filters.any | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any b/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any
index 0ec1af5cc..080e2f884 100644
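Review bot: The new /0014 value in PATCH 1/2 puts regex constructs (grouping and `|`) inside double quotes, and Dispatcher documents double-quoted filter values as glob patterns and single-quoted ones as regular expressions, so as written the rule may match neither branch and could also stop allowing the existing `*.form.html` POSTs. The /0014 line in PATCH 2/2 fixes the escaping but keeps the double quotes, so the same concern applies there. If a regex is intended, the value would be `/url '/content/((.*\.form\.html)|(xfaforms/profiles/default\.submit\.html))'`; otherwise keep the original glob rule untouched and add a separate exact-path allow for the submit URL. Either way, a test POST to both URLs through a running Dispatcher would confirm that the rule matches what is intended and nothing broader.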
--- a/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any
+++ b/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any
@@ -29,7 +29,7 @@ # Enable basic features
 /0013 { /type "allow" /method "GET" /url '/libs/granite/csrf/token.json' /extension 'json' } # AEM provides a framework aimed at preventing Cross-Site Request Forgery attacks
-/0014 { /type "allow" /method "POST" /url "((/content/*.form.html)|(/content/xfaforms/profiles/default.submit.html))" } # allow POSTs to form selectors under content
+/0014 { /type "allow" /method "POST" /url "/content/((.*\.form\.html)|(xfaforms/profiles/default\.submit\.html))" } # allow POSTs to form selectors under content
 /0015 { /type "allow" /method "GET" /path "/libs/cq/personalization" } # enable personalization
 /0016 { /type "allow" /method "POST" /path "/content/*.commerce.cart.json" } # allow POSTs to update the shopping cart
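Review bot: The trailing comment on the rewritten /0014 still reads `# allow POSTs to form selectors under content`, but the rule now also allows POSTs to a fixed submit URL, so someone auditing the POST allows by their comments would not find it. Suggest `# allow POSTs to form selectors under content and to the HTML5 forms submit URL (/content/xfaforms/profiles/default.submit.html)`. Because this file sits under the archetype's default filters, the extra POST allow is presumably inherited by every generated project, including those that do not use HTML5 forms. The commit description could say in one line why it belongs in the defaults rather than in a project-specific filter.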