You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Groovy console in order to load the script stored in repository fetches resources through a CRX browser e..g http://integration.groovytest.com/crx/server/crx.default/jcr%3aroot/etc/groovyconsole/scripts/samples/CreatePackage.groovy/jcr%3Acontent/jcr:data. As the crx prefix is usually forbidden, it fails to load the data.
Please change the way the scripts are loaded to get the content directly e.g. http://integration.groovytest.com/etc/groovyconsole/scripts/samples/CreatePackage.groovy/jcr%3Acontent/jcr:data
The text was updated successfully, but these errors were encountered:
The reason behind Adobe's recommendation for blocking those paths (and the reason that they're "dangerous") is that they allow low level access to/control over the instance. Via the groovy console, it's possible to do pretty much anything you can do via the UIs exposed by the blocked URLs (e.g. starting or stopping bundles, installing or uninstalling packages, getting an admin session and changing properties, etc).
If you're blocking those paths, you should probably also block access to the groovy console.
That said, I guess it wouldn't hurt anything to make the change you're suggesting, so if you want to open a PR I would not personally have a problem with merging it (as long as the other maintainers are happy with it).
When a CQ instance is behind dispatcher, it is quite often configured to restrict some dangerous paths like package manager (
/crx
), crxde (/crxde
), OSGi console (/system/console
). This is also encouraged by Adobe (http://docs.adobe.com/docs/en/dispatcher.html, http://docs.adobe.com/content/docs/en/dispatcher/_jcr_content/par/download/file.res/author_dispatcher_new.any).Groovy console in order to load the script stored in repository fetches resources through a CRX browser e..g
http://integration.groovytest.com/crx/server/crx.default/jcr%3aroot/etc/groovyconsole/scripts/samples/CreatePackage.groovy/jcr%3Acontent/jcr:data
. As thecrx
prefix is usually forbidden, it fails to load the data.Please change the way the scripts are loaded to get the content directly e.g.
http://integration.groovytest.com/etc/groovyconsole/scripts/samples/CreatePackage.groovy/jcr%3Acontent/jcr:data
The text was updated successfully, but these errors were encountered: