Unexpected Behaviour in Dispatcher Publisher Filter
The dispatcher filter rule /0011 { /type "allow" /extension "json" /selectors "model" /path "/content/*" } does not behave as was probably intended. This rule would allow any combination of selectors as long as one of them is 'model'.
For example this filter would accept:
/content/apage.a.b.c.d.model.e.f.json
It would be better to omit this rule as it breaks the fundamental principle of deny then allow, and many developers would not expect to have allowed any selector by using it.
Generally /selectors is not suitable for use in allow rules.
An alternative approach would be to use a regex in the /url switch, which would make a more targeted allow possible.
This actually sounds like a problem with the dispatcher itself, too. I would expect that the dispatcher would only allow the selector model, not at least the selector model. I thought the whole point of having the sling-uri specific elements inside a dispatcher rule was to eliminate the need for url regex style filters.
@paul-bjorkstrand agreed. There is a recent (Aug) Adobe bug report on this but no action yet. In the short term at least /selectors and allow rules don't mix.
@rfreemo Can you share the bug report number so that once a new dispatcher release is out one can check if it has been fixed?
hi @kwin it's DISP-865. @ackoch recently published some advice on the same topic. The issue we currently have is that this problem is spreading. I just saw an AMS customer with a blanket selector deny rule at the end of the filter, with a comment encouraging the developers to add individual allows afterwards.
I was intending to post in more detail this morning, but had to stop, hence the started message that I posted by mistake then deleted.
Achim's blog: https://blog.developer.adobe.com/writing-better-aem-dispatcher-filters-f23b391624a9
I think what we should be doing as a temporary fix is encouraging the use of /url to allow selectors, although it results in some unwieldy regexes.
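An added example, not part of the thread and not dispatcher code: a small Python model of rule /0011 as the issue describes it (allowed when 'model' appears anywhere among the selectors), compared with an anchored URL pattern. The regex, the URL decomposition (no suffix or query handling) and the sample URLs other than the one quoted in the issue are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

def decompose(url):
    """Split a request path into (path, selectors, extension), Sling-style.
    Simplified assumption: no suffix and no query string."""
    head, _, last = url.rpartition("/")
    name, *rest = last.split(".")
    if not rest:                      # no dot in the last segment
        return url, [], ""
    return f"{head}/{name}", rest[:-1], rest[-1]

def selectors_rule_allows(url):
    """Model of /0011 per the issue: path glob /content/*, extension json,
    and 'model' present anywhere in the selector list."""
    path, selectors, ext = decompose(url)
    return (fnmatchcase(path, "/content/*")
            and ext == "json"
            and "model" in selectors)

# Hypothetical targeted pattern: exactly one selector, 'model', then .json.
STRICT_URL = re.compile(r"/content/[^.]+\.model\.json")

def url_rule_allows(url):
    """Whole-URL match, so extra selectors cannot ride along."""
    return STRICT_URL.fullmatch(url) is not None

# Constructed sample requests; the second is the URL quoted in the issue.
SAMPLES = [
    "/content/apage.model.json",
    "/content/apage.a.b.c.d.model.e.f.json",
    "/content/apage.x.model.json",
    "/content/site/en.model.json",
    "/content/apage.model.html",
    "/content/apage.json",
]

def compare(urls=SAMPLES):
    """Return (url, selectors-rule verdict, url-regex verdict) per request."""
    return [(u, selectors_rule_allows(u), url_rule_allows(u)) for u in urls]

def over_permitted(urls=SAMPLES):
    """Requests the selector-based rule lets through but the regex rejects."""
    return [u for u, loose, strict in compare(urls) if loose and not strict]

if __name__ == "__main__":
    for url, loose, strict in compare():
        print(f"{url:45} selectors-rule={loose!s:5} url-regex={strict}")
```

The same sample list can be replayed against a real dispatcher instance to confirm that a deployed /url rule rejects the same requests.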