@jahia/agentic 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries.
- package/CHANGELOG.md +10 -0
- package/dist/antigravity/.agents/rules/jahia.md +51 -0
- package/dist/antigravity/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
- package/dist/antigravity/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
- package/dist/antigravity/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
- package/dist/antigravity/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
- package/dist/antigravity/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
- package/dist/{opencode/.opencode/agents → antigravity/.agents/skills/jahia-cnd-author/references}/cnd-numbers-dates.md +32 -1
- package/dist/{opencode/.opencode/agents → antigravity/.agents/skills/jahia-cnd-author/references}/cnd-string-selectors.md +49 -10
- package/dist/antigravity/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
- package/dist/antigravity/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
- package/dist/antigravity/.agents/skills/jahia-dev-accessibility/SKILL.md +11 -0
- package/dist/antigravity/.agents/skills/jahia-dev-build-component/SKILL.md +133 -0
- package/dist/antigravity/.agents/skills/jahia-dev-create-page-template/SKILL.md +341 -0
- package/dist/antigravity/.agents/skills/jahia-dev-create-template-set/SKILL.md +205 -0
- package/dist/antigravity/.agents/skills/jahia-dev-create-view/SKILL.md +896 -0
- package/dist/antigravity/.agents/skills/jahia-dev-debug/SKILL.md +176 -0
- package/dist/antigravity/.agents/skills/jahia-dev-import-from/SKILL.md +244 -0
- package/dist/antigravity/.agents/skills/jahia-dev-jexperience/SKILL.md +269 -0
- package/dist/antigravity/.agents/skills/jahia-dev-ops/SKILL.md +50 -0
- package/dist/antigravity/.agents/skills/jahia-dev-ops/references/docker.md +151 -0
- package/dist/antigravity/.agents/skills/jahia-dev-ops/references/monitoring.md +195 -0
- package/dist/antigravity/.agents/skills/jahia-dev-ops/references/provisioning.md +269 -0
- package/dist/antigravity/.agents/skills/jahia-dev-properties/SKILL.md +147 -0
- package/dist/antigravity/.agents/skills/jahia-dev-properties/references/all-properties.md +231 -0
- package/dist/antigravity/.agents/skills/jahia-dev-query-content/SKILL.md +204 -0
- package/dist/antigravity/.agents/skills/jahia-dev-review/SKILL.md +228 -0
- package/dist/antigravity/.agents/skills/jahia-dev-review-cnd/SKILL.md +79 -0
- package/dist/antigravity/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.d.mts +13 -0
- package/dist/antigravity/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.mjs +198 -0
- package/dist/antigravity/.agents/skills/jahia-dev-screenshot/SKILL.md +177 -0
- package/dist/antigravity/.agents/skills/jahia-dev-site-review/SKILL.md +70 -0
- package/dist/antigravity/.agents/skills/jahia-dev-site-review/scripts/review-pages.mjs +85 -0
- package/dist/antigravity/.agents/skills/jahia-dev-start-local/SKILL.md +121 -0
- package/dist/antigravity/.agents/skills/jahia-jcr-sql2/SKILL.md +258 -0
- package/dist/antigravity/AGENTS.md +62 -0
- package/dist/claude/.claude/rules/jahia.md +1 -37
- package/dist/claude/.claude/skills/jahia-cnd-author/SKILL.md +94 -0
- package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
- package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
- package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
- package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
- package/dist/claude/.claude/{agents → skills/jahia-cnd-author/references}/cnd-numbers-dates.md +32 -1
- package/dist/{cursor/.cursor/agents → claude/.claude/skills/jahia-cnd-author/references}/cnd-string-selectors.md +49 -10
- package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
- package/dist/claude/.claude/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
- package/dist/claude/.claude/skills/jahia-dev-accessibility/SKILL.md +5 -265
- package/dist/claude/.claude/skills/jahia-dev-build-component/SKILL.md +13 -8
- package/dist/claude/.mcp.json +11 -0
- package/dist/claude/CLAUDE.md +2 -38
- package/dist/codex/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
- package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
- package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
- package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
- package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
- package/dist/{cursor/.cursor/agents → codex/.agents/skills/jahia-cnd-author/references}/cnd-numbers-dates.md +32 -1
- package/dist/{claude/.claude/agents → codex/.agents/skills/jahia-cnd-author/references}/cnd-string-selectors.md +49 -10
- package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
- package/dist/codex/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
- package/dist/codex/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
- package/dist/codex/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
- package/dist/codex/AGENTS.md +2 -38
- package/dist/copilot/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
- package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
- package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
- package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
- package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
- package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
- package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
- package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
- package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
- package/dist/copilot/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
- package/dist/copilot/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
- package/dist/copilot/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
- package/dist/copilot/AGENTS.md +2 -38
- package/dist/cursor/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
- package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
- package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
- package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
- package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
- package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
- package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
- package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
- package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
- package/dist/cursor/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
- package/dist/cursor/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
- package/dist/cursor/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
- package/dist/cursor/.cursor/mcp.json +11 -0
- package/dist/cursor/.cursor/rules/jahia.mdc +1 -37
- package/dist/gemini/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
- package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
- package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
- package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
- package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
- package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
- package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
- package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
- package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
- package/dist/gemini/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
- package/dist/gemini/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
- package/dist/gemini/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
- package/dist/gemini/.gemini/settings.json +10 -0
- package/dist/gemini/AGENTS.md +2 -38
- package/dist/index.js +12 -0
- package/dist/kiro/.kiro/settings/mcp.json +10 -0
- package/dist/kiro/.kiro/skills/jahia-cnd-author/SKILL.md +94 -0
- package/dist/kiro/.kiro/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
- package/dist/kiro/.kiro/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
- package/dist/kiro/.kiro/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
- package/dist/kiro/.kiro/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
- package/dist/kiro/.kiro/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
- package/dist/kiro/.kiro/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
- package/dist/kiro/.kiro/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
- package/dist/kiro/.kiro/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
- package/dist/kiro/.kiro/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
- package/dist/kiro/.kiro/skills/jahia-dev-accessibility/SKILL.md +11 -0
- package/dist/kiro/.kiro/skills/jahia-dev-build-component/SKILL.md +133 -0
- package/dist/kiro/.kiro/skills/jahia-dev-create-page-template/SKILL.md +341 -0
- package/dist/kiro/.kiro/skills/jahia-dev-create-template-set/SKILL.md +205 -0
- package/dist/kiro/.kiro/skills/jahia-dev-create-view/SKILL.md +896 -0
- package/dist/kiro/.kiro/skills/jahia-dev-debug/SKILL.md +176 -0
- package/dist/kiro/.kiro/skills/jahia-dev-import-from/SKILL.md +244 -0
- package/dist/kiro/.kiro/skills/jahia-dev-jexperience/SKILL.md +269 -0
- package/dist/kiro/.kiro/skills/jahia-dev-ops/SKILL.md +50 -0
- package/dist/kiro/.kiro/skills/jahia-dev-ops/references/docker.md +151 -0
- package/dist/kiro/.kiro/skills/jahia-dev-ops/references/monitoring.md +195 -0
- package/dist/kiro/.kiro/skills/jahia-dev-ops/references/provisioning.md +269 -0
- package/dist/kiro/.kiro/skills/jahia-dev-properties/SKILL.md +147 -0
- package/dist/kiro/.kiro/skills/jahia-dev-properties/references/all-properties.md +231 -0
- package/dist/kiro/.kiro/skills/jahia-dev-query-content/SKILL.md +204 -0
- package/dist/kiro/.kiro/skills/jahia-dev-review/SKILL.md +228 -0
- package/dist/kiro/.kiro/skills/jahia-dev-review-cnd/SKILL.md +79 -0
- package/dist/kiro/.kiro/skills/jahia-dev-review-cnd/scripts/check-cnd.d.mts +13 -0
- package/dist/kiro/.kiro/skills/jahia-dev-review-cnd/scripts/check-cnd.mjs +198 -0
- package/dist/kiro/.kiro/skills/jahia-dev-screenshot/SKILL.md +177 -0
- package/dist/kiro/.kiro/skills/jahia-dev-site-review/SKILL.md +70 -0
- package/dist/kiro/.kiro/skills/jahia-dev-site-review/scripts/review-pages.mjs +85 -0
- package/dist/kiro/.kiro/skills/jahia-dev-start-local/SKILL.md +121 -0
- package/dist/kiro/.kiro/skills/jahia-jcr-sql2/SKILL.md +258 -0
- package/dist/kiro/.kiro/steering/jahia.md +55 -0
- package/dist/kiro/AGENTS.md +62 -0
- package/dist/opencode/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
- package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
- package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
- package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
- package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
- package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
- package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
- package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
- package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
- package/dist/opencode/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
- package/dist/opencode/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
- package/dist/opencode/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
- package/dist/opencode/AGENTS.md +2 -38
- package/dist/opencode/opencode.json +12 -0
- package/dist/windsurf/.windsurf/rules/jahia.md +1 -37
- package/dist/windsurf/.windsurf/skills/jahia-cnd-author/SKILL.md +94 -0
- package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
- package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
- package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
- package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
- package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
- package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
- package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
- package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
- package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
- package/dist/windsurf/.windsurf/skills/jahia-dev-accessibility/SKILL.md +5 -265
- package/dist/windsurf/.windsurf/skills/jahia-dev-build-component/SKILL.md +13 -8
- package/dist/windsurf/AGENTS.md +2 -38
- package/package.json +1 -1
- package/dist/claude/.claude/agents/cnd-jahia-mixins.md +0 -113
- package/dist/claude/.claude/agents/jahia-cnd-author.md +0 -130
- package/dist/claude/.claude/agents/jahia-dev-worker.md +0 -264
- package/dist/claude/.claude/agents/jahia-reviewer.md +0 -105
- package/dist/claude/.claude/skills/jahia/SKILL.md +0 -148
- package/dist/claude/.claude/skills/jahia-content/SKILL.md +0 -157
- package/dist/claude/.claude/skills/jahia-content-create-content/SKILL.md +0 -359
- package/dist/claude/.claude/skills/jahia-content-explore-structure/SKILL.md +0 -255
- package/dist/claude/.claude/skills/jahia-content-media-upload/SKILL.md +0 -197
- package/dist/claude/.claude/skills/jahia-content-move-content/SKILL.md +0 -231
- package/dist/claude/.claude/skills/jahia-content-organize/SKILL.md +0 -209
- package/dist/claude/.claude/skills/jahia-content-publish/SKILL.md +0 -181
- package/dist/claude/.claude/skills/jahia-content-query-content/SKILL.md +0 -174
- package/dist/claude/.claude/skills/jahia-content-translate-content/SKILL.md +0 -226
- package/dist/claude/.claude/skills/jahia-dev/SKILL.md +0 -124
- package/dist/claude/.claude/skills/jahia-dev-apis/SKILL.md +0 -52
- package/dist/claude/.claude/skills/jahia-dev-apis/references/authentication.md +0 -484
- package/dist/claude/.claude/skills/jahia-dev-apis/references/graphql.md +0 -657
- package/dist/claude/.claude/skills/jahia-dev-apis/references/jcr-api.md +0 -465
- package/dist/claude/.claude/skills/jahia-dev-apis/references/security.md +0 -541
- package/dist/claude/.claude/skills/jahia-dev-cypress/SKILL.md +0 -265
- package/dist/claude/.claude/skills/jahia-dev-define-content-type/SKILL.md +0 -93
- package/dist/claude/.claude/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
- package/dist/claude/.claude/skills/jahia-dev-java/SKILL.md +0 -110
- package/dist/claude/.claude/skills/jahia-dev-java/references/backend.md +0 -331
- package/dist/claude/.claude/skills/jahia-dev-java/references/content-types.md +0 -273
- package/dist/claude/.claude/skills/jahia-dev-java/references/modules.md +0 -218
- package/dist/claude/.claude/skills/jahia-dev-java/references/osgi.md +0 -208
- package/dist/claude/.claude/skills/jahia-dev-java/references/rendering.md +0 -191
- package/dist/claude/.claude/skills/jahia-dev-java/references/ui-extensions.md +0 -344
- package/dist/claude/.claude/skills/jahia-dev-osgi-module/SKILL.md +0 -297
- package/dist/claude/.claude/skills/jahia-dev-ui-extension/SKILL.md +0 -559
- package/dist/claude/.claude/skills/jahia-java-concurrency/SKILL.md +0 -308
- package/dist/claude/.claude/skills/jahia-java-jcr/SKILL.md +0 -153
- package/dist/claude/.claude/skills/jahia-java-osgi/SKILL.md +0 -134
- package/dist/claude/.claude/skills/jahia-java-persistence/SKILL.md +0 -177
- package/dist/claude/.claude/skills/jahia-java-security/SKILL.md +0 -84
- package/dist/claude/.claude/skills/jahia-orchestrate/SKILL.md +0 -148
- package/dist/claude/.claude/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
- package/dist/claude/.claude/skills/jahia-review-java/SKILL.md +0 -131
- package/dist/claude/.claude/skills/jahia-review-java/references/code-review-output.md +0 -121
- package/dist/codex/.agents/skills/jahia/SKILL.md +0 -148
- package/dist/codex/.agents/skills/jahia-content/SKILL.md +0 -157
- package/dist/codex/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
- package/dist/codex/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
- package/dist/codex/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
- package/dist/codex/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
- package/dist/codex/.agents/skills/jahia-content-organize/SKILL.md +0 -209
- package/dist/codex/.agents/skills/jahia-content-publish/SKILL.md +0 -181
- package/dist/codex/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
- package/dist/codex/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
- package/dist/codex/.agents/skills/jahia-dev/SKILL.md +0 -124
- package/dist/codex/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
- package/dist/codex/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
- package/dist/codex/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
- package/dist/codex/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
- package/dist/codex/.agents/skills/jahia-dev-apis/references/security.md +0 -541
- package/dist/codex/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
- package/dist/codex/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
- package/dist/codex/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
- package/dist/codex/.agents/skills/jahia-dev-java/SKILL.md +0 -110
- package/dist/codex/.agents/skills/jahia-dev-java/references/backend.md +0 -331
- package/dist/codex/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
- package/dist/codex/.agents/skills/jahia-dev-java/references/modules.md +0 -218
- package/dist/codex/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
- package/dist/codex/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
- package/dist/codex/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
- package/dist/codex/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
- package/dist/codex/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
- package/dist/codex/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
- package/dist/codex/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
- package/dist/codex/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
- package/dist/codex/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
- package/dist/codex/.agents/skills/jahia-java-security/SKILL.md +0 -84
- package/dist/codex/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
- package/dist/codex/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
- package/dist/codex/.agents/skills/jahia-review-java/SKILL.md +0 -131
- package/dist/codex/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
- package/dist/codex/.codex/agents/cnd-child-nodes.toml +0 -3
- package/dist/codex/.codex/agents/cnd-jahia-mixins.toml +0 -3
- package/dist/codex/.codex/agents/cnd-numbers-dates.toml +0 -3
- package/dist/codex/.codex/agents/cnd-string-selectors.toml +0 -3
- package/dist/codex/.codex/agents/jahia-cnd-author.toml +0 -3
- package/dist/codex/.codex/agents/jahia-dev-worker.toml +0 -3
- package/dist/codex/.codex/agents/jahia-reviewer.toml +0 -3
- package/dist/copilot/.agents/skills/jahia/SKILL.md +0 -148
- package/dist/copilot/.agents/skills/jahia-content/SKILL.md +0 -157
- package/dist/copilot/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
- package/dist/copilot/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
- package/dist/copilot/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
- package/dist/copilot/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
- package/dist/copilot/.agents/skills/jahia-content-organize/SKILL.md +0 -209
- package/dist/copilot/.agents/skills/jahia-content-publish/SKILL.md +0 -181
- package/dist/copilot/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
- package/dist/copilot/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
- package/dist/copilot/.agents/skills/jahia-dev/SKILL.md +0 -124
- package/dist/copilot/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
- package/dist/copilot/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
- package/dist/copilot/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
- package/dist/copilot/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
- package/dist/copilot/.agents/skills/jahia-dev-apis/references/security.md +0 -541
- package/dist/copilot/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
- package/dist/copilot/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
- package/dist/copilot/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
- package/dist/copilot/.agents/skills/jahia-dev-java/SKILL.md +0 -110
- package/dist/copilot/.agents/skills/jahia-dev-java/references/backend.md +0 -331
- package/dist/copilot/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
- package/dist/copilot/.agents/skills/jahia-dev-java/references/modules.md +0 -218
- package/dist/copilot/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
- package/dist/copilot/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
- package/dist/copilot/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
- package/dist/copilot/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
- package/dist/copilot/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
- package/dist/copilot/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
- package/dist/copilot/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
- package/dist/copilot/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
- package/dist/copilot/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
- package/dist/copilot/.agents/skills/jahia-java-security/SKILL.md +0 -84
- package/dist/copilot/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
- package/dist/copilot/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
- package/dist/copilot/.agents/skills/jahia-review-java/SKILL.md +0 -131
- package/dist/copilot/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
- package/dist/cursor/.agents/skills/jahia/SKILL.md +0 -148
- package/dist/cursor/.agents/skills/jahia-content/SKILL.md +0 -157
- package/dist/cursor/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
- package/dist/cursor/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
- package/dist/cursor/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
- package/dist/cursor/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
- package/dist/cursor/.agents/skills/jahia-content-organize/SKILL.md +0 -209
- package/dist/cursor/.agents/skills/jahia-content-publish/SKILL.md +0 -181
- package/dist/cursor/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
- package/dist/cursor/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
- package/dist/cursor/.agents/skills/jahia-dev/SKILL.md +0 -124
- package/dist/cursor/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
- package/dist/cursor/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
- package/dist/cursor/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
- package/dist/cursor/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
- package/dist/cursor/.agents/skills/jahia-dev-apis/references/security.md +0 -541
- package/dist/cursor/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
- package/dist/cursor/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
- package/dist/cursor/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
- package/dist/cursor/.agents/skills/jahia-dev-java/SKILL.md +0 -110
- package/dist/cursor/.agents/skills/jahia-dev-java/references/backend.md +0 -331
- package/dist/cursor/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
- package/dist/cursor/.agents/skills/jahia-dev-java/references/modules.md +0 -218
- package/dist/cursor/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
- package/dist/cursor/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
- package/dist/cursor/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
- package/dist/cursor/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
- package/dist/cursor/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
- package/dist/cursor/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
- package/dist/cursor/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
- package/dist/cursor/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
- package/dist/cursor/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
- package/dist/cursor/.agents/skills/jahia-java-security/SKILL.md +0 -84
- package/dist/cursor/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
- package/dist/cursor/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
- package/dist/cursor/.agents/skills/jahia-review-java/SKILL.md +0 -131
- package/dist/cursor/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
- package/dist/cursor/.cursor/agents/cnd-jahia-mixins.md +0 -113
- package/dist/cursor/.cursor/agents/jahia-cnd-author.md +0 -130
- package/dist/cursor/.cursor/agents/jahia-dev-worker.md +0 -264
- package/dist/cursor/.cursor/agents/jahia-reviewer.md +0 -105
- package/dist/gemini/.agents/skills/jahia/SKILL.md +0 -148
- package/dist/gemini/.agents/skills/jahia-content/SKILL.md +0 -157
- package/dist/gemini/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
- package/dist/gemini/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
- package/dist/gemini/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
- package/dist/gemini/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
- package/dist/gemini/.agents/skills/jahia-content-organize/SKILL.md +0 -209
- package/dist/gemini/.agents/skills/jahia-content-publish/SKILL.md +0 -181
- package/dist/gemini/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
- package/dist/gemini/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
- package/dist/gemini/.agents/skills/jahia-dev/SKILL.md +0 -124
- package/dist/gemini/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
- package/dist/gemini/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
- package/dist/gemini/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
- package/dist/gemini/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
- package/dist/gemini/.agents/skills/jahia-dev-apis/references/security.md +0 -541
- package/dist/gemini/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
- package/dist/gemini/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
- package/dist/gemini/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
- package/dist/gemini/.agents/skills/jahia-dev-java/SKILL.md +0 -110
- package/dist/gemini/.agents/skills/jahia-dev-java/references/backend.md +0 -331
- package/dist/gemini/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
- package/dist/gemini/.agents/skills/jahia-dev-java/references/modules.md +0 -218
- package/dist/gemini/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
- package/dist/gemini/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
- package/dist/gemini/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
- package/dist/gemini/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
- package/dist/gemini/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
- package/dist/gemini/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
- package/dist/gemini/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
- package/dist/gemini/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
- package/dist/gemini/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
- package/dist/gemini/.agents/skills/jahia-java-security/SKILL.md +0 -84
- package/dist/gemini/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
- package/dist/gemini/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
- package/dist/gemini/.agents/skills/jahia-review-java/SKILL.md +0 -131
- package/dist/gemini/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
- package/dist/opencode/.agents/skills/jahia/SKILL.md +0 -148
- package/dist/opencode/.agents/skills/jahia-content/SKILL.md +0 -157
- package/dist/opencode/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
- package/dist/opencode/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
- package/dist/opencode/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
- package/dist/opencode/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
- package/dist/opencode/.agents/skills/jahia-content-organize/SKILL.md +0 -209
- package/dist/opencode/.agents/skills/jahia-content-publish/SKILL.md +0 -181
- package/dist/opencode/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
- package/dist/opencode/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
- package/dist/opencode/.agents/skills/jahia-dev/SKILL.md +0 -124
- package/dist/opencode/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
- package/dist/opencode/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
- package/dist/opencode/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
- package/dist/opencode/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
- package/dist/opencode/.agents/skills/jahia-dev-apis/references/security.md +0 -541
- package/dist/opencode/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
- package/dist/opencode/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
- package/dist/opencode/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
- package/dist/opencode/.agents/skills/jahia-dev-java/SKILL.md +0 -110
- package/dist/opencode/.agents/skills/jahia-dev-java/references/backend.md +0 -331
- package/dist/opencode/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
- package/dist/opencode/.agents/skills/jahia-dev-java/references/modules.md +0 -218
- package/dist/opencode/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
- package/dist/opencode/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
- package/dist/opencode/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
- package/dist/opencode/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
- package/dist/opencode/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
- package/dist/opencode/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
- package/dist/opencode/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
- package/dist/opencode/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
- package/dist/opencode/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
- package/dist/opencode/.agents/skills/jahia-java-security/SKILL.md +0 -84
- package/dist/opencode/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
- package/dist/opencode/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
- package/dist/opencode/.agents/skills/jahia-review-java/SKILL.md +0 -131
- package/dist/opencode/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
- package/dist/opencode/.opencode/agents/cnd-jahia-mixins.md +0 -113
- package/dist/opencode/.opencode/agents/jahia-cnd-author.md +0 -130
- package/dist/opencode/.opencode/agents/jahia-dev-worker.md +0 -264
- package/dist/opencode/.opencode/agents/jahia-reviewer.md +0 -105
- package/dist/windsurf/.windsurf/skills/jahia/SKILL.md +0 -148
- package/dist/windsurf/.windsurf/skills/jahia-content/SKILL.md +0 -157
- package/dist/windsurf/.windsurf/skills/jahia-content-create-content/SKILL.md +0 -359
- package/dist/windsurf/.windsurf/skills/jahia-content-explore-structure/SKILL.md +0 -255
- package/dist/windsurf/.windsurf/skills/jahia-content-media-upload/SKILL.md +0 -197
- package/dist/windsurf/.windsurf/skills/jahia-content-move-content/SKILL.md +0 -231
- package/dist/windsurf/.windsurf/skills/jahia-content-organize/SKILL.md +0 -209
- package/dist/windsurf/.windsurf/skills/jahia-content-publish/SKILL.md +0 -181
- package/dist/windsurf/.windsurf/skills/jahia-content-query-content/SKILL.md +0 -174
- package/dist/windsurf/.windsurf/skills/jahia-content-translate-content/SKILL.md +0 -226
- package/dist/windsurf/.windsurf/skills/jahia-dev/SKILL.md +0 -124
- package/dist/windsurf/.windsurf/skills/jahia-dev-apis/SKILL.md +0 -52
- package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/authentication.md +0 -484
- package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/graphql.md +0 -657
- package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/jcr-api.md +0 -465
- package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/security.md +0 -541
- package/dist/windsurf/.windsurf/skills/jahia-dev-cypress/SKILL.md +0 -265
- package/dist/windsurf/.windsurf/skills/jahia-dev-define-content-type/SKILL.md +0 -93
- package/dist/windsurf/.windsurf/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
- package/dist/windsurf/.windsurf/skills/jahia-dev-java/SKILL.md +0 -110
- package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/backend.md +0 -331
- package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/content-types.md +0 -273
- package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/modules.md +0 -218
- package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/osgi.md +0 -208
- package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/rendering.md +0 -191
- package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/ui-extensions.md +0 -344
- package/dist/windsurf/.windsurf/skills/jahia-dev-osgi-module/SKILL.md +0 -297
- package/dist/windsurf/.windsurf/skills/jahia-dev-ui-extension/SKILL.md +0 -559
- package/dist/windsurf/.windsurf/skills/jahia-java-concurrency/SKILL.md +0 -308
- package/dist/windsurf/.windsurf/skills/jahia-java-jcr/SKILL.md +0 -153
- package/dist/windsurf/.windsurf/skills/jahia-java-osgi/SKILL.md +0 -134
- package/dist/windsurf/.windsurf/skills/jahia-java-persistence/SKILL.md +0 -177
- package/dist/windsurf/.windsurf/skills/jahia-java-security/SKILL.md +0 -84
- package/dist/windsurf/.windsurf/skills/jahia-orchestrate/SKILL.md +0 -148
- package/dist/windsurf/.windsurf/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
- package/dist/windsurf/.windsurf/skills/jahia-review-java/SKILL.md +0 -131
- package/dist/windsurf/.windsurf/skills/jahia-review-java/references/code-review-output.md +0 -121
- /package/dist/{claude/.claude/agents → antigravity/.agents/skills/jahia-cnd-author/references}/cnd-child-nodes.md +0 -0
- /package/dist/{cursor/.cursor/agents → claude/.claude/skills/jahia-cnd-author/references}/cnd-child-nodes.md +0 -0
- /package/dist/{opencode/.opencode/agents → codex/.agents/skills/jahia-cnd-author/references}/cnd-child-nodes.md +0 -0
|
@@ -1,541 +0,0 @@
|
|
|
1
|
-
# Security Reference
|
|
2
|
-
|
|
3
|
-
Covers the security filter/service (scope-based API authorization), HTML filtering (XSS protection), and Content Security Policy (CSP).
|
|
4
|
-
|
|
5
|
-
## Table of Contents
|
|
6
|
-
|
|
7
|
-
- [Security Service and Filter](#security-service-and-filter)
|
|
8
|
-
- [Overview](#overview)
|
|
9
|
-
- [Authorization configuration](#authorization-configuration)
|
|
10
|
-
- [Scope grants](#scope-grants)
|
|
11
|
-
- [Auto-apply rules](#auto-apply-rules)
|
|
12
|
-
- [User constraints](#user-constraints)
|
|
13
|
-
- [Configuration profiles](#configuration-profiles)
|
|
14
|
-
- [Extending an existing scope](#extending-an-existing-scope)
|
|
15
|
-
- [Packaging configuration in a module](#packaging-configuration-in-a-module)
|
|
16
|
-
- [Checking API authorization from Java](#checking-api-authorization-from-java)
|
|
17
|
-
- [CORS filter](#cors-filter)
|
|
18
|
-
- [JWT tokens (deprecated)](#jwt-tokens-deprecated)
|
|
19
|
-
- [Legacy mode and migration](#legacy-mode-and-migration)
|
|
20
|
-
- [HTML Filtering (XSS Protection)](#html-filtering-xss-protection)
|
|
21
|
-
- [Overview](#overview-1)
|
|
22
|
-
- [Configuration file priority](#configuration-file-priority)
|
|
23
|
-
- [Configuration structure](#configuration-structure)
|
|
24
|
-
- [Strategies: SANITIZE vs REJECT](#strategies-sanitize-vs-reject)
|
|
25
|
-
- [Process and skip settings](#process-and-skip-settings)
|
|
26
|
-
- [Skip on permissions](#skip-on-permissions)
|
|
27
|
-
- [Rule sets — allowed elements and attributes](#rule-sets--allowed-elements-and-attributes)
|
|
28
|
-
- [GraphQL API for validation](#graphql-api-for-validation)
|
|
29
|
-
- [Which properties are filtered](#which-properties-are-filtered)
|
|
30
|
-
- [Best practices](#best-practices)
|
|
31
|
-
- [Migrating from v1 to v2](#migrating-from-v1-to-v2)
|
|
32
|
-
- [Content Security Policy (CSP)](#content-security-policy-csp)
|
|
33
|
-
- [Installation and enabling](#installation-and-enabling)
|
|
34
|
-
- [Site-level CSP](#site-level-csp)
|
|
35
|
-
- [Page-level CSP override](#page-level-csp-override)
|
|
36
|
-
- [Report-only mode](#report-only-mode)
|
|
37
|
-
- [Nonce generation](#nonce-generation)
|
|
38
|
-
- [CSP examples](#csp-examples)
|
|
39
|
-
|
|
40
|
-
---
|
|
41
|
-
|
|
42
|
-
## Security Service and Filter
|
|
43
|
-
|
|
44
|
-
### Overview
|
|
45
|
-
|
|
46
|
-
The `security-filter` bundle protects all Jahia APIs (GraphQL, RESTful JCR, views, custom APIs) from unauthorized access, XSS/CSRF attacks, and provides CORS support.
|
|
47
|
-
|
|
48
|
-
**Core principle:** All API access is **denied by default**. Access is explicitly granted via scope-based configuration files. Without any configuration, even the Jahia Administration UI will not work.
|
|
49
|
-
|
|
50
|
-
Configuration files live in `digital-factory-data/karaf/etc/` with the filename pattern:
|
|
51
|
-
|
|
52
|
-
```
|
|
53
|
-
org.jahia.bundles.api.authorization-*.yml
|
|
54
|
-
or
|
|
55
|
-
org.jahia.bundles.api.authorization-*.cfg
|
|
56
|
-
```
|
|
57
|
-
|
|
58
|
-
YAML format is supported from Jahia 8.1.0.0 onward (recommended).
|
|
59
|
-
|
|
60
|
-
### Authorization configuration
|
|
61
|
-
|
|
62
|
-
The configuration is a list of named **scopes**. Each scope grants access to one or more APIs.
|
|
63
|
-
|
|
64
|
-
- If a request holds **at least one** scope that grants the API → access **granted**
|
|
65
|
-
- If a request holds **no** scope that grants the API → access **denied**
|
|
66
|
-
|
|
67
|
-
Scopes can be associated with a request via:
|
|
68
|
-
- Personal API tokens (explicitly carrying scopes)
|
|
69
|
-
- JWT tokens (deprecated — see below)
|
|
70
|
-
- Automatic rules based on request origin
|
|
71
|
-
|
|
72
|
-
**Minimal YAML scope example:**
|
|
73
|
-
|
|
74
|
-
```yaml
|
|
75
|
-
myscope:
|
|
76
|
-
description: Can access some graphql API
|
|
77
|
-
metadata:
|
|
78
|
-
visible: true
|
|
79
|
-
auto_apply:
|
|
80
|
-
- origin: hosted
|
|
81
|
-
grants:
|
|
82
|
-
- api: graphql.MyGqlType
|
|
83
|
-
node: none
|
|
84
|
-
```
|
|
85
|
-
|
|
86
|
-
Equivalent in `.cfg` format:
|
|
87
|
-
|
|
88
|
-
```properties
|
|
89
|
-
myscope.description = Can access some graphql API
|
|
90
|
-
myscope.metadata.visible = true
|
|
91
|
-
myscope.auto_apply[0].origin = hosted
|
|
92
|
-
myscope.grants[0].api = graphql.MyGqlType
|
|
93
|
-
myscope.grants[0].node = none
|
|
94
|
-
```
|
|
95
|
-
|
|
96
|
-
### Scope grants
|
|
97
|
-
|
|
98
|
-
A scope contains one or more grants. Within a single grant, **all conditions must match** (AND logic). Multiple grants use OR logic (any one matching grant grants access).
|
|
99
|
-
|
|
100
|
-
**Grant conditions:**
|
|
101
|
-
|
|
102
|
-
**`api`** — API identifier (dot-separated). Examples:
|
|
103
|
-
- `graphql.MyGqlType` — specific GraphQL type
|
|
104
|
-
- `graphql.JcrNode, graphql.JcrProperty` — multiple types (comma-separated)
|
|
105
|
-
- `view.json.tree` — the `tree.json` view
|
|
106
|
-
- `jcrestapi` — all JCRest API calls
|
|
107
|
-
|
|
108
|
-
API names by subsystem:
|
|
109
|
-
- GraphQL: `graphql.<gql-type>.<gql-field>`
|
|
110
|
-
- JCRest API: `jcrestapi.<query-type>`
|
|
111
|
-
- AJAX views: `view.<template-type>.<view-name>`
|
|
112
|
-
|
|
113
|
-
Include/exclude syntax:
|
|
114
|
-
|
|
115
|
-
```yaml
|
|
116
|
-
grants:
|
|
117
|
-
- api:
|
|
118
|
-
include: graphql
|
|
119
|
-
exclude: graphql.GqlAdmin, graphql.JcrNode
|
|
120
|
-
```
|
|
121
|
-
|
|
122
|
-
**`node`** — matches requests involving a JCR node. Use `node: none` for requests that do not return a node. Sub-entries:
|
|
123
|
-
|
|
124
|
-
```yaml
|
|
125
|
-
grants:
|
|
126
|
-
- node:
|
|
127
|
-
pathPattern: /,/sites(/.*)?
|
|
128
|
-
excludedPathPattern: /sites/[^/]+/users(/.*)?
|
|
129
|
-
workspace: live # or: default
|
|
130
|
-
nodeType: jnt:page
|
|
131
|
-
excludedNodeType: jnt:file
|
|
132
|
-
withPermission: myPermission
|
|
133
|
-
```
|
|
134
|
-
|
|
135
|
-
**Combining conditions (AND within one grant):**
|
|
136
|
-
|
|
137
|
-
```yaml
|
|
138
|
-
grants:
|
|
139
|
-
- api: graphql
|
|
140
|
-
node: none
|
|
141
|
-
# Allows GraphQL calls that do NOT involve a node
|
|
142
|
-
```
|
|
143
|
-
|
|
144
|
-
**Multiple grants (OR between grants):**
|
|
145
|
-
|
|
146
|
-
```yaml
|
|
147
|
-
grants:
|
|
148
|
-
- api: graphql
|
|
149
|
-
- node: none
|
|
150
|
-
# Allows ALL GraphQL calls, AND all calls that don't involve a node
|
|
151
|
-
```
|
|
152
|
-
|
|
153
|
-
### Auto-apply rules
|
|
154
|
-
|
|
155
|
-
Scopes can be automatically applied based on request origin (checked against `Origin` and `Referer` headers):
|
|
156
|
-
|
|
157
|
-
```yaml
|
|
158
|
-
auto_apply:
|
|
159
|
-
- origin: hosted # same server as Jahia (same origin)
|
|
160
|
-
- origin: same # alias for hosted
|
|
161
|
-
- origin: http://www.mysite.com # specific trusted origin
|
|
162
|
-
```
|
|
163
|
-
|
|
164
|
-
To always apply a scope regardless of origin:
|
|
165
|
-
|
|
166
|
-
```yaml
|
|
167
|
-
auto_apply:
|
|
168
|
-
- always: true
|
|
169
|
-
```
|
|
170
|
-
|
|
171
|
-
### User constraints
|
|
172
|
-
|
|
173
|
-
Restrict a scope to specific users:
|
|
174
|
-
|
|
175
|
-
```yaml
|
|
176
|
-
# Restrict to users with a specific permission on a node:
|
|
177
|
-
constraints:
|
|
178
|
-
- user_permission: manageModules
|
|
179
|
-
path: /sites
|
|
180
|
-
workspace: live
|
|
181
|
-
|
|
182
|
-
# Restrict to privileged users only:
|
|
183
|
-
constraints:
|
|
184
|
-
- privileged_user: true
|
|
185
|
-
```
|
|
186
|
-
|
|
187
|
-
The scope will **never** be applied to users who do not meet the constraints.
|
|
188
|
-
|
|
189
|
-
### Configuration profiles
|
|
190
|
-
|
|
191
|
-
Set a profile in `org.jahia.bundles.api.security.cfg` via `security.profile`:
|
|
192
|
-
|
|
193
|
-
| Profile | Description | Recommendation |
|
|
194
|
-
|---------|-------------|----------------|
|
|
195
|
-
| `default` | No API calls from external origins or non-privileged users | **Recommended** |
|
|
196
|
-
| `compat` | More open; compatible with pre-8.1 behavior | Not recommended for production |
|
|
197
|
-
| `open` | Allows every call | Never use in production |
|
|
198
|
-
|
|
199
|
-
The `compat` profile was introduced in 2021 as a migration aid and is not intended for ongoing production use.
|
|
200
|
-
|
|
201
|
-
### Extending an existing scope
|
|
202
|
-
|
|
203
|
-
Add grants or auto-apply rules to an existing scope from another configuration file:
|
|
204
|
-
|
|
205
|
-
```yaml
|
|
206
|
-
graphql:
|
|
207
|
-
auto_apply:
|
|
208
|
-
- origin: http://www.mytrusted-origin.com
|
|
209
|
-
```
|
|
210
|
-
|
|
211
|
-
### Packaging configuration in a module
|
|
212
|
-
|
|
213
|
-
Place configuration files in `META-INF/configurations/` within your module JAR. They are deployed to `karaf/etc` at module startup (supported from DX 7.2.2.0).
|
|
214
|
-
|
|
215
|
-
### Checking API authorization from Java
|
|
216
|
-
|
|
217
|
-
The bundle exposes an OSGi service implementing `org.jahia.services.securityfilter.PermissionService`. Call `hasPermission(query)` with a map:
|
|
218
|
-
|
|
219
|
-
```java
|
|
220
|
-
Map<String, Object> query = new HashMap<>();
|
|
221
|
-
query.put("api", "my-api.type.sub-type"); // required
|
|
222
|
-
query.put("node", jcrNodeWrapper); // optional
|
|
223
|
-
boolean allowed = permissionService.hasPermission(query);
|
|
224
|
-
```
|
|
225
|
-
|
|
226
|
-
The `api` key value is tested by `ApiGrant`; the `node` key value (a `JCRNodeWrapper`) is tested by `NodeGrant`.
|
|
227
|
-
|
|
228
|
-
### CORS filter
|
|
229
|
-
|
|
230
|
-
The security-filter module includes a global CORS filter based on the Tomcat implementation. Configure it in `org.jahia.bundles.api.security.cfg`. All Tomcat CORS filter settings are supported — see [Tomcat CORS Filter docs](https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter).
|
|
231
|
-
|
|
232
|
-
### JWT tokens (deprecated)
|
|
233
|
-
|
|
234
|
-
JWT tokens are **deprecated** — use personal API tokens instead.
|
|
235
|
-
|
|
236
|
-
Pass a JWT in the `Authorization: Bearer <token>` header. JWT tokens carry a `scopes` claim listing the scopes they grant. Configuration in `org.jahia.bundles.jwt.token.cfg`:
|
|
237
|
-
|
|
238
|
-
```properties
|
|
239
|
-
jwt.issuer = MyOrg
|
|
240
|
-
jwt.audience = http://jahia.com
|
|
241
|
-
jwt.algorithm = HMAC_SHA256
|
|
242
|
-
jwt.secret = my_super_secret_change_this
|
|
243
|
-
```
|
|
244
|
-
|
|
245
|
-
Tokens can be generated via **Developer Tools > JWT Configuration** in development mode.
|
|
246
|
-
|
|
247
|
-
### Legacy mode and migration
|
|
248
|
-
|
|
249
|
-
Enable legacy mode in `org.jahia.bundles.api.security.cfg`:
|
|
250
|
-
|
|
251
|
-
```properties
|
|
252
|
-
security.legacyMode=true
|
|
253
|
-
```
|
|
254
|
-
|
|
255
|
-
In legacy mode, old `org.jahia.modules.api.permissions-*.cfg` files are used. The new authorization YAML files are ignored.
|
|
256
|
-
|
|
257
|
-
Enable migration reporting to compare behaviors:
|
|
258
|
-
|
|
259
|
-
```properties
|
|
260
|
-
security.migrationReporting=true
|
|
261
|
-
```
|
|
262
|
-
|
|
263
|
-
This logs differences between legacy and standard mode without changing the active enforcement.
|
|
264
|
-
|
|
265
|
-
**Debugging:** Set `org.jahia.bundles.securityfilter.core` (or `.legacy` for legacy mode) to `DEBUG` in log4j to log every permission check with its result and matching grant.
|
|
266
|
-
|
|
267
|
-
---
|
|
268
|
-
|
|
269
|
-
## HTML Filtering (XSS Protection)
|
|
270
|
-
|
|
271
|
-
### Overview
|
|
272
|
-
|
|
273
|
-
The HTML Filtering module (v2) provides XSS protection for JCR properties containing HTML markup. It is **active as soon as the module is installed** — no per-site enablement is required. Compatible with Jahia 8.1.8.0+.
|
|
274
|
-
|
|
275
|
-
HTML filtering applies to content saves. It does not filter rendered output.
|
|
276
|
-
|
|
277
|
-
### Configuration file priority
|
|
278
|
-
|
|
279
|
-
Three configuration levels (highest to lowest priority):
|
|
280
|
-
|
|
281
|
-
| Level | Filename | Purpose |
|
|
282
|
-
|-------|----------|---------|
|
|
283
|
-
| Site-specific | `org.jahia.modules.htmlfiltering.site-<SITE_KEY>.yml` | Per-site overrides |
|
|
284
|
-
| Global custom | `org.jahia.modules.htmlfiltering.global.custom.yml` | Admin customizations for all sites |
|
|
285
|
-
| Global default | `org.jahia.modules.htmlfiltering.global.default.yml` | Shipped with module; do not modify |
|
|
286
|
-
|
|
287
|
-
If a configuration file is invalid, it is skipped and the next level in the chain is used. Check logs to confirm your configuration loaded.
|
|
288
|
-
|
|
289
|
-
### Configuration structure
|
|
290
|
-
|
|
291
|
-
All configuration files share the same structure with separate `editWorkspace` and `liveWorkspace` sections (both must be present for the file to be valid):
|
|
292
|
-
|
|
293
|
-
```yaml
|
|
294
|
-
htmlFiltering:
|
|
295
|
-
formatDefinitions:
|
|
296
|
-
HTML_ID: '[a-zA-Z0-9\:\-_\.]+'
|
|
297
|
-
NUMBER_OR_PERCENT: '\d+%?'
|
|
298
|
-
LINKS_URL: '(?:(?:[\p{L}\p{N}\\\.#@$%\+&;\-_~,\?=/!{}:]+|#(\w)+)|(\s*(?:(?:ht|f)tps?://|mailto:)[\p{L}\p{N}][\p{L}\p{N}\p{Zs}\.#@$%\+&:\-_~,\?=/!\(\)]*+\s*))'
|
|
299
|
-
editWorkspace:
|
|
300
|
-
strategy: REJECT
|
|
301
|
-
skipOnPermissions: []
|
|
302
|
-
process: ['nt:base.*']
|
|
303
|
-
skip: []
|
|
304
|
-
allowedRuleSet:
|
|
305
|
-
elements:
|
|
306
|
-
# rules for allowed elements and attributes
|
|
307
|
-
protocols: [http, https, mailto]
|
|
308
|
-
liveWorkspace:
|
|
309
|
-
strategy: SANITIZE
|
|
310
|
-
skipOnPermissions: []
|
|
311
|
-
process: ['nt:base.*']
|
|
312
|
-
skip: []
|
|
313
|
-
allowedRuleSet:
|
|
314
|
-
elements:
|
|
315
|
-
# rules for allowed elements and attributes
|
|
316
|
-
protocols: [http, https, mailto]
|
|
317
|
-
```
|
|
318
|
-
|
|
319
|
-
### Strategies: SANITIZE vs REJECT
|
|
320
|
-
|
|
321
|
-
| Strategy | Behavior | Recommended for |
|
|
322
|
-
|----------|----------|----------------|
|
|
323
|
-
| `SANITIZE` | Removes disallowed tags/attributes silently | `liveWorkspace` (no direct user feedback) |
|
|
324
|
-
| `REJECT` | Rejects the save operation if any disallowed content found | `editWorkspace` (editors can correct) |
|
|
325
|
-
|
|
326
|
-
**SANITIZE behavior by tag type:**
|
|
327
|
-
- Block-level tags (e.g., `<p>`): tag is removed but text content is kept (`<p>hello</p>` → `hello`)
|
|
328
|
-
- Other tags (e.g., `<script>`): tag and all its content are removed entirely
|
|
329
|
-
|
|
330
|
-
### Process and skip settings
|
|
331
|
-
|
|
332
|
-
Control which node types and properties are filtered:
|
|
333
|
-
|
|
334
|
-
```yaml
|
|
335
|
-
process: ['nt:base.*'] # Filter all properties of all node types
|
|
336
|
-
skip: ['nt:myNodeType.*'] # Skip all properties of a specific node type
|
|
337
|
-
skip: ['nt:myNodeType.myProp'] # Skip a specific property
|
|
338
|
-
```
|
|
339
|
-
|
|
340
|
-
`skip` takes precedence over `process`. The notation supports any node type/property combination that exists on the node, even via mixins — for example `skip: ['jnt:bigText.j:htmlContent']` is valid even if `j:htmlContent` is defined on a mixin.
|
|
341
|
-
|
|
342
|
-
### Skip on permissions
|
|
343
|
-
|
|
344
|
-
Bypass filtering for users holding specific permissions:
|
|
345
|
-
|
|
346
|
-
```yaml
|
|
347
|
-
skipOnPermissions: ['view-full-wysiwyg-editor', 'site-admin']
|
|
348
|
-
```
|
|
349
|
-
|
|
350
|
-
**Warning:** If a privileged user saves HTML content with elements that would be filtered for less privileged users, those users will be unable to later edit that content (their save will be rejected). Use `skipOnPermissions` with care and only for trusted users.
|
|
351
|
-
|
|
352
|
-
### Rule sets — allowed elements and attributes
|
|
353
|
-
|
|
354
|
-
```yaml
|
|
355
|
-
allowedRuleSet:
|
|
356
|
-
elements:
|
|
357
|
-
- attributes: [class, dir, hidden, lang, role, style, title] # on any tag
|
|
358
|
-
- attributes:
|
|
359
|
-
- id
|
|
360
|
-
format: HTML_ID # must match regex
|
|
361
|
-
- attributes: [align]
|
|
362
|
-
tags: [caption, col, colgroup, hr, img, table, tbody, td, tfoot, th, thead, tr]
|
|
363
|
-
- attributes: [alt]
|
|
364
|
-
tags: [img]
|
|
365
|
-
- tags: [h1, h2, h3, h4, h5, h6, p, a, img, figure, div, ul, ol, li,
|
|
366
|
-
table, tbody, thead, tfoot, tr, td, th, blockquote, code, pre,
|
|
367
|
-
br, strong, em, span, nav, article, main, aside, section, header, footer]
|
|
368
|
-
protocols: [http, https, mailto]
|
|
369
|
-
```
|
|
370
|
-
|
|
371
|
-
Each rule can specify:
|
|
372
|
-
- `tags` — HTML tags the rule applies to (omit to apply to all tags)
|
|
373
|
-
- `attributes` — allowed attributes for those tags
|
|
374
|
-
- `format` — regex pattern name from `formatDefinitions` that attribute values must match
|
|
375
|
-
|
|
376
|
-
`protocols` restricts allowed URL schemes in `href` and `src` attributes.
|
|
377
|
-
|
|
378
|
-
`allowedRuleSet` is mandatory and must contain at least one rule. `disallowedRuleSet` is optional.
|
|
379
|
-
|
|
380
|
-
### GraphQL API for validation
|
|
381
|
-
|
|
382
|
-
Validate or preview HTML sanitization before saving:
|
|
383
|
-
|
|
384
|
-
```graphql
|
|
385
|
-
query HtmlFiltering($html: String!, $workspace: Workspace = EDIT, $siteKey: String!) {
|
|
386
|
-
htmlFiltering {
|
|
387
|
-
validate(html: $html, workspace: $workspace, siteKey: $siteKey) {
|
|
388
|
-
removedTags
|
|
389
|
-
removedAttributes {
|
|
390
|
-
attributes
|
|
391
|
-
tag
|
|
392
|
-
}
|
|
393
|
-
sanitizedHtml
|
|
394
|
-
safe
|
|
395
|
-
}
|
|
396
|
-
}
|
|
397
|
-
}
|
|
398
|
-
```
|
|
399
|
-
|
|
400
|
-
Response fields:
|
|
401
|
-
- `removedTags` — list of tags removed during sanitization
|
|
402
|
-
- `removedAttributes` — list of attributes removed, with their parent tags
|
|
403
|
-
- `sanitizedHtml` — the sanitized output
|
|
404
|
-
- `safe` — `true` if nothing was removed (input is fully compliant)
|
|
405
|
-
|
|
406
|
-
### Which properties are filtered
|
|
407
|
-
|
|
408
|
-
A property is processed by HTML filtering only if **all** of the following are true:
|
|
409
|
-
|
|
410
|
-
1. The current user does not have any permission listed in `skipOnPermissions`
|
|
411
|
-
2. The property matches at least one pattern in `process`
|
|
412
|
-
3. The property does not match any pattern in `skip`
|
|
413
|
-
4. The property is declared as a `richtext` property in the CND definition
|
|
414
|
-
|
|
415
|
-
```
|
|
416
|
-
[nt:myNodeType] > jnt:content, jmix:droppableContent
|
|
417
|
-
- myHTMLProperty (string, richtext) # filtered
|
|
418
|
-
- willNotBeProcessed (string) # not filtered (no richtext)
|
|
419
|
-
```
|
|
420
|
-
|
|
421
|
-
**Important:** JSON overrides (jContent UI overrides) that change a property's editor to RichText are **ignored** by HTML filtering. The CND definition is authoritative. Properties must be declared `richtext` in the CND to be filtered.
|
|
422
|
-
|
|
423
|
-
### Best practices
|
|
424
|
-
|
|
425
|
-
1. Never modify `org.jahia.modules.htmlfiltering.global.default.yml` — create a custom or site-specific file instead.
|
|
426
|
-
2. Use `skipOnPermissions` sparingly; only for users who genuinely need to contribute unrestricted HTML.
|
|
427
|
-
3. Use `REJECT` in `editWorkspace` so editors receive immediate feedback; use `SANITIZE` in `liveWorkspace` for resilience.
|
|
428
|
-
4. Declare HTML properties with the `richtext` constraint in CND — JSON overrides do not affect filtering.
|
|
429
|
-
5. After adding or modifying a config file, verify in logs that it was loaded successfully.
|
|
430
|
-
|
|
431
|
-
### Migrating from v1 to v2
|
|
432
|
-
|
|
433
|
-
As soon as v2 is installed, it replaces v1 entirely. v1 custom configurations are no longer read.
|
|
434
|
-
|
|
435
|
-
**Key changes in v2:**
|
|
436
|
-
|
|
437
|
-
| Area | v1 | v2 |
|
|
438
|
-
|------|----|----|
|
|
439
|
-
| Strategy | SANITIZE only | SANITIZE or REJECT per workspace |
|
|
440
|
-
| Workspaces | Single config | Separate `editWorkspace`/`liveWorkspace` sections |
|
|
441
|
-
| Format definitions | Hardcoded (e.g., `HTML_ID`) | Configurable in `formatDefinitions` |
|
|
442
|
-
| Config files | `org.jahia.modules.htmlfiltering.config-*.yml` | Three-tier: global default, global custom, site-specific |
|
|
443
|
-
| `htmlSanitizerDryRun` | Available | Removed |
|
|
444
|
-
|
|
445
|
-
**GraphQL API change:**
|
|
446
|
-
|
|
447
|
-
v1 (mutation):
|
|
448
|
-
```graphql
|
|
449
|
-
mutation { htmlFilteringConfiguration { htmlFiltering {
|
|
450
|
-
testFiltering(siteKey: $siteKey, html: $text) { html, removedElements, removedAttributes { element, attributes } }
|
|
451
|
-
}}}
|
|
452
|
-
```
|
|
453
|
-
|
|
454
|
-
v2 (query):
|
|
455
|
-
```graphql
|
|
456
|
-
query { htmlFiltering {
|
|
457
|
-
validate(html: $html, workspace: $workspace, siteKey: $siteKey) {
|
|
458
|
-
sanitizedHtml, removedTags, removedAttributes { attributes, tag }, safe
|
|
459
|
-
}
|
|
460
|
-
}}
|
|
461
|
-
```
|
|
462
|
-
|
|
463
|
-
**Migration steps:**
|
|
464
|
-
1. Review existing v1 configs; note all custom rules.
|
|
465
|
-
2. Create `org.jahia.modules.htmlfiltering.global.custom.yml` for global customizations.
|
|
466
|
-
3. Create `org.jahia.modules.htmlfiltering.site-<SITE_KEY>.yml` for site-specific rules.
|
|
467
|
-
4. Use `SANITIZE` strategy in both workspaces to replicate v1 behavior, then tighten as needed.
|
|
468
|
-
5. Update any code using the v1 GraphQL API.
|
|
469
|
-
6. Test thoroughly, then delete the old v1 config files.
|
|
470
|
-
|
|
471
|
-
---
|
|
472
|
-
|
|
473
|
-
## Content Security Policy (CSP)
|
|
474
|
-
|
|
475
|
-
### Installation and enabling
|
|
476
|
-
|
|
477
|
-
The CSP module is installed by default with Jahia 8+. Enable it per site:
|
|
478
|
-
|
|
479
|
-
1. Go to **Administration > Server > Modules & Extensions > Modules**.
|
|
480
|
-
2. Find **Content Security Policy** and activate it on the relevant sites.
|
|
481
|
-
|
|
482
|
-
### Site-level CSP
|
|
483
|
-
|
|
484
|
-
1. Go to **Administration > Sites > Site properties > Edit site properties**.
|
|
485
|
-
2. In the Options section, check **Add Content-Security-Policy at the site level**.
|
|
486
|
-
3. Enter the CSP directive string (all on one line).
|
|
487
|
-
4. Optionally enable report-only mode or specify a violation report URL.
|
|
488
|
-
|
|
489
|
-
### Page-level CSP override
|
|
490
|
-
|
|
491
|
-
Override the site-level CSP for a specific page:
|
|
492
|
-
|
|
493
|
-
1. In **JContent**, edit the page.
|
|
494
|
-
2. In the Options section, check **Replace Content-Security-Policy at the page level**.
|
|
495
|
-
3. Enter the page-specific CSP directive.
|
|
496
|
-
|
|
497
|
-
### Report-only mode
|
|
498
|
-
|
|
499
|
-
Available only at the site level. Enable **Only report CSP violations** — violations are logged to Jahia log files instead of being blocked. Optionally specify a **Report violations to this URL** endpoint.
|
|
500
|
-
|
|
501
|
-
This is useful for testing a new CSP before enforcing it.
|
|
502
|
-
|
|
503
|
-
### Nonce generation
|
|
504
|
-
|
|
505
|
-
To use `nonce-` in your CSP (recommended for inline scripts):
|
|
506
|
-
|
|
507
|
-
1. Include `nonce-` (as a placeholder) in the site-level CSP value.
|
|
508
|
-
2. In your custom module's view, set the `nonce` attribute on `<script>` elements to the Jahia property value `contentSecurityPolicy.nonce.placeHolder`.
|
|
509
|
-
|
|
510
|
-
For each page rendering, Jahia generates a random nonce, updates the CSP header, and replaces the static placeholder in the HTML output.
|
|
511
|
-
|
|
512
|
-
### CSP examples
|
|
513
|
-
|
|
514
|
-
**Basic CSP:**
|
|
515
|
-
|
|
516
|
-
```
|
|
517
|
-
Content-Security-Policy: default-src 'self'; script-src 'self' https://apis.google.com; object-src 'none'; frame-ancestors 'none';
|
|
518
|
-
```
|
|
519
|
-
|
|
520
|
-
**Strict CSP with nonce (multi-line for readability; enter on one line in Jahia):**
|
|
521
|
-
|
|
522
|
-
```
|
|
523
|
-
Content-Security-Policy:
|
|
524
|
-
default-src 'self' https://*.doubleclick.net;
|
|
525
|
-
script-src 'nonce-' 'strict-dynamic' https: 'unsafe-inline';
|
|
526
|
-
object-src 'none';
|
|
527
|
-
base-uri 'none';
|
|
528
|
-
frame-ancestors 'none';
|
|
529
|
-
img-src 'self' data:;
|
|
530
|
-
font-src 'self' data:;
|
|
531
|
-
style-src 'self' 'unsafe-inline';
|
|
532
|
-
frame-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net;
|
|
533
|
-
connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com;
|
|
534
|
-
```
|
|
535
|
-
|
|
536
|
-
The `'nonce-'` string is a placeholder — Jahia replaces it with a generated random value per request.
|
|
537
|
-
|
|
538
|
-
**References:**
|
|
539
|
-
- MDN CSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
|
|
540
|
-
- OWASP CSP Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
|
|
541
|
-
- CSP Reference: https://content-security-policy.com/
|
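Review bot: The deny-by-default statement at old line 48 and the profile table at old lines 193-197 (which marks `open` as "Never use in production" and `compat` as "Not recommended for production") disappear with this file, and nothing in the hunk points to where the guidance goes. If the 0.5.0 skills layout carries the Security Reference under a different path, name that path in the CHANGELOG entry. If it does not, consider keeping at least the "Security Service and Filter" section, the `skipOnPermissions` warning at old line 350 and the CSP nonce steps at old lines 505-510, so that agents using the package still see them when generating authorization, HTML filtering or CSP configuration.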