Headless Server Developer Manual / Version 2101
Table Of ContentsMany relational database systems offer a "view" feature. A view provides an easy way to "see" only data, which is relevant for a certain use case. The Headless Server adopts this concept, to provide a filter to a specific site. Therefore, a site filter restricts the access of a GraphQL query to content objects of only one site.
In a scenario where CoreMedia is used to host a multitude of sites, like a site for each brand, prefiltered content might make it easier for frontend developers to develop a frontend client for one specific brand. Furthermore, potential copyright problems for media content like pictures, for example, or an unintentional mixup of contents belonging to different sites, are prevented effectively.
A site filter is invoked simply by putting the homepage segment in front of the standard GraphQL endpoint or any of the REST endpoints mapped to persisted GraphQL queries.
Given a site with a homepage segment of 'corporate-de-de', a site filter would result in these additional endpoints:
# generic access pattern to GraphQL with a site filter prefix
# http://[hostname]/[homepage-segment]/graphql
http://[hostname]/corporate-de-de/graphql
# generic access pattern to a REST endpoint with a site filter prefix
# http://[hostname]/[homepage-segment]/caas/v1/[restendpoint]
#
# given, there is a defined REST endpoint to /article,
# incl a correspondingly named persisted query
http://[hostname]/corporate-de-de/caas/v1/article/[id]
Limitations
A site filter restricts the access to contents which belong to one site. This is accomplished without the use of users, groups or access rights. Using the standard endpoints (/graphql) without a site filter, it is still possible to access any data of any site! If you want to prevent the full access, please consider a corresponding access rule in your gateway web server.
