Class |
|
---|---|
Component |
|
ValidateURLServlet
is a security precaution that prevents spoofing of URLs. When a user initiates an action, an action
parameter holding an ID for the action is added to the URL. An encryption key based on the action
parameter value is also added to the URL. Likewise, when a user selects a view, a view
parameter and corresponding encryption key are appended to the URL. When both action
and view
parameters are added to the URL, the encryption key represents the combination of the parameter values.
ValidateURLServlet
recalculates the encryption key in the URL based on the action
or view
parameter values and compares it to the encryption key already in the URL. For URLs with the appropriate key, ValidateURLServlet
adds an attribute to the request, which permits ATG Content Administration to display the request URL. URLs that lack the expected key do not include the request attribute and as a result, cause errors when rendering the request URL.
The best way to disable ValidateURLServlet
is to configure ATG Content Administration to display the request URL regardless of whether the request includes the attribute. To do this, set the validateActions
and validateViews
properties of <ATG11dir>\Publishing\base\config\atg\epub\pws\framework\Framework.properties
to false
.