Saturday, August 29, 2020

Sitecore Content Security Policy Issue

Sitecore 9+ adds a Content-Security-Policy custom header in web.config, and this header blocks any API calls to other domains.

Open web.config and look for the customHeaders section:

<configuration>
  <location path="sitecore">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Content-Type-Options"/>
          <remove name="X-XSS-Protection"/>
          <remove name="Content-Security-Policy"/>
          <add name="X-XSS-Protection" value="1; mode=block"/>
          <add name="X-Content-Type-Options" value="nosniff "/>
          <add name="Content-Security-Policy" value="default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;"/>
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
</configuration>


Now let's add another domain, https://mydomain.com, to the CSP by appending it to default-src:

<configuration>
  <location path="sitecore">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Content-Type-Options"/>
          <remove name="X-XSS-Protection"/>
          <remove name="Content-Security-Policy"/>
          <add name="X-XSS-Protection" value="1; mode=block"/>
          <add name="X-Content-Type-Options" value="nosniff "/>
          <add name="Content-Security-Policy" value="default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://mydomain.com; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;"/>
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
</configuration>
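
To see what adding the domain to default-src actually permits, the following added example (not code from the original post) parses the modified policy value and reports, per request type, which directive decides and whether https://mydomain.com is allowed. The function names, the simplified source matching and the origin https://cm.example.test are assumptions made for the illustration.

```javascript
// Policy value copied from the modified web.config above.
const POLICY =
  "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://mydomain.com; " +
  "img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; " +
  "font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; " +
  "upgrade-insecure-requests; block-all-mixed-content;";

// Parse "name src src; name src" into a Map of directive name -> source list.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// A fetch directive falls back to default-src only when it is absent.
function effectiveSources(directives, name) {
  if (directives.has(name)) return { from: name, sources: directives.get(name) };
  return { from: "default-src", sources: directives.get("default-src") || null };
}

// Simplified matching: 'self', scheme sources (data:), exact origins.
function allows(directives, name, origin, selfOrigin) {
  const { sources } = effectiveSources(directives, name);
  if (sources === null) return true; // neither directive nor default-src
  return sources.some((s) => {
    if (s === "'self'") return origin === selfOrigin;
    if (s.endsWith(":")) return origin.startsWith(s);
    return s === origin;
  });
}

// For each request type, report the deciding directive and the verdict.
function report(policy, origin, selfOrigin) {
  const d = parseCsp(policy);
  const out = {};
  for (const name of ["connect-src", "script-src", "img-src", "style-src", "font-src"]) {
    out[name] = { decidedBy: effectiveSources(d, name).from, allowed: allows(d, name, origin, selfOrigin) };
  }
  return out;
}

// https://cm.example.test is a hypothetical origin for the Sitecore instance.
console.log(report(POLICY, "https://mydomain.com", "https://cm.example.test"));
```

The run shows connect-src and script-src both decided by default-src and now allowing https://mydomain.com, while img-src, style-src and font-src still reject it because they have their own source lists. A dedicated connect-src directive listing 'self', https://apps.sitecore.net and https://mydomain.com would permit the API calls without also allowing scripts from that domain.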


Thursday, August 20, 2020

Sitecore Config Patch Files

Here is the collection of Sitecore Patch files I have used.


1. Patch Config to Enable/disable the xDB and the tracker


2. Patch Config to Enable/disable the CDN 

Monday, August 17, 2020

Sitecore PowerShell Extensions - Update Placeholders

The following script reads all child items under the Home node and changes the placeholder key according to the predefined mapping (old and new) if the rendering type is "JSON rendering".

References:

  1. https://www.kasaku.co.uk/2018/02/28/updating-rendering-placeholders/
  2. https://doc.sitecorepowershell.com/

Sitecore PowerShell - Update Rendering Caching

The following script reads all renderings in the "/sitecore/layout/Renderings/Project/Feature/Platform" path and updates the Cacheable and VaryByData caching checkboxes for every rendering of the "Json Rendering" type.