Adobe Experience Manager as a Cloud Service uses AEM Publish Dispatcher filters to ensure only requests that should reach AEM do reach AEM. By default all requests are denied, and patterns for allowed URLs must be explicitly added.
Client type | Single-page app (SPA) | Web Component/JS | Mobile | Server-to-server |
---|---|---|---|---|
Requires Dispatcher filters configuration | ✔ | ✔ | ✔ | ✔ |
The following configurations are examples. Ensure you adjust them to align to the requirements of your project.
The AEM Publish Dispatcher filter configuration defines the URL patterns allowed to reach AEM, and must include the URL prefix for the AEM persisted query endpoint.
Client connects to | AEM Author | AEM Publish | AEM Preview |
---|---|---|---|
Requires Dispatcher filters configuration | ✘ | ✔ | ✔ |
Add an allow
rule with the URL pattern /graphql/execute.json/*
, and ensure the file ID (for example /0600
, is unique in the example farm file).
This allows HTTP GET request to the persisted query endpoint, such as HTTP GET /graphql/execute.json/wknd-shared/adventures-all
through to AEM Publish.
If using Experience Fragments in your AEM Headless experience, do the same for these paths.
dispatcher/src/conf.dispatcher.d/filters/filters.any
...
# Allow headless requests for Persisted Query endpoints
/0600 { /type "allow" /method '(POST|OPTIONS)' /url "/graphql/execute.json/*" }
# Allow headless requests for Experience Fragments
/0601 { /type "allow" /method '(GET|OPTIONS)' /url "/content/experience-fragments/*" }
...