Best way to POST a form from IOS ContentSync app to AEM Servlet | Community
Skip to main content
A
Ameesh
New Participant
November 15, 2016
Solved

Best way to POST a form from IOS ContentSync app to AEM Servlet

  • November 15, 2016
  • 2 replies
  • 1264 views

Use Case - We have a shell IOS app and they content for the app comes from AEM Content Sync. We are introducing couple of forms to be submitted via App, these forms will POST data to a servlet on AEM Publish instance. The POST data contains fields outside the form data, coming form IOS application settings/configurations.

Issue - Sling Referrer Filter blocks the POST from the IOS app.

Possible Solution(s)

1) Use AJAX based POST to Add referrer header

var main_url = "http://www.example1.com"; var referrer = "http://www.example2.com"; $.ajax({ url: main_url, dataType: "json", headers: {'X-Alt-Referer': referrer }, success: function(data){ console.log(data); } });

2) Serve the form from AEM instead of the local content copy created by the ContentSync

What is the recommended approach, I would prefer not to make AEM call to serve the forms; from what I have been told, Apple has strict rules on serving such content in App

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by brucelef

Hi Ameesh,

Setting the referrer header in your JS code would be a security issue, so it is not permitted by the browser (or in this case, Cordova container).

You can bypass the Referrer Filter by overriding your app's user agent with a value that does not contain "Mozilla" or "Opera", in effect indicating that these requests are not coming from a browser. Place the following line in your app's config.xml, replacing "Custom User Agent String" with the value you would like to use:

<preference name="OverrideUserAgent" value="Custom User Agent String" />

To see the exact check done by the Sling Referrer Filter, check out the source code here: https://github.com/apache/sling/blob/4df9ab2d6592422889c71fa13afd453a10a5a626/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java#L449

2 replies

A
AmeeshAuthor
New Participant
November 15, 2016

Thanks!!

My bad I should have looked at the code for filter, assumed it was failing with POSTMan it would fail on application as well. 

B
brucelefAccepted solution
Employee
November 15, 2016

Hi Ameesh,

Setting the referrer header in your JS code would be a security issue, so it is not permitted by the browser (or in this case, Cordova container).

You can bypass the Referrer Filter by overriding your app's user agent with a value that does not contain "Mozilla" or "Opera", in effect indicating that these requests are not coming from a browser. Place the following line in your app's config.xml, replacing "Custom User Agent String" with the value you would like to use:

<preference name="OverrideUserAgent" value="Custom User Agent String" />

To see the exact check done by the Sling Referrer Filter, check out the source code here: https://github.com/apache/sling/blob/4df9ab2d6592422889c71fa13afd453a10a5a626/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java#L449

Terms & ConditionsAccessibility statement

Loading footer...