Headless Server Developer Manual / Version 2404
Many relational database systems offer a "view" feature. A view provides an easy way to "see" only the data that is relevant for a certain use case. The Headless Server adopts this concept to provide a filter for a specific site: a site filter restricts the access of a GraphQL query to content objects of only one site.
In a scenario where CoreMedia is used to host a multitude of sites, such as one site for each brand, prefiltered content might make it easier for frontend developers to develop a frontend client for one specific brand. Furthermore, potential copyright problems for media content such as pictures, or an unintentional mix-up of content belonging to different sites, are prevented effectively.
A site filter is invoked simply by putting the homepage segment in front of the standard GraphQL endpoint or any of the REST endpoints mapped to persisted GraphQL queries.
Given a site with a homepage segment of 'corporate-de-de', a site filter would result in these additional endpoints:
# generic access pattern to GraphQL with a site filter prefix
# http://[hostname]/[homepage-segment]/graphql
http://[hostname]/corporate-de-de/graphql

# generic access pattern to a REST endpoint with a site filter prefix
# http://[hostname]/[homepage-segment]/caas/v1/[restendpoint]
#
# given, there is a defined REST endpoint to /article,
# incl a correspondingly named persisted query
http://[hostname]/corporate-de-de/caas/v1/article/[id]
A complete listing of all existing site-specific endpoints and their site IDs can be obtained via the additional custom actuator endpoint at /actuator/siteRestrictedEndpoints or via the Swagger UI.
The list in the Swagger UI only reflects the state at server start. Because the list of site-specific endpoints may change while the Headless Server is running, those changes are only available via the custom actuator endpoint.
The site filter access is enabled by default. If the site filter access is not desired, the feature can be disabled by adding its autoconfiguration class to Spring Boot's exclude list, e.g. in an environment variable.
SPRING_AUTOCONFIGURE_EXCLUDE=com.coremedia.caas.web.view.impl.ViewAutoConfiguration
Limitations
A site filter restricts access to content that belongs to one site. This is accomplished without the use of users, groups or access rights. Using the standard endpoints (/graphql) without a site filter, it is still possible to access any data of any site! If you want to prevent this full access, consider a corresponding access rule in your gateway web server.
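The access rule suggested above, modelled as an added example (not CoreMedia code): a default-deny check that forwards only the site-filtered endpoint shapes for an allowlisted homepage segment and refuses everything else, including paths that reach the unfiltered /graphql through encoded dot segments. The function names and the allowlist are assumptions; in production the same rule belongs in your gateway's own configuration.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import unquote

# Assumption: the one site this gateway may expose (segment from the example above).
ALLOWED_SEGMENTS = {"corporate-de-de"}

# The two site-filtered endpoint shapes: /[segment]/graphql and /[segment]/caas/v1/...
_SITE_ENDPOINT = re.compile(r"^/([^/]+)/(?:graphql|caas/v1/.+)$")


def canonical_path(request_target: str) -> Optional[str]:
    """Decode and normalise the path; return None when it is ambiguous."""
    path = request_target.partition("?")[0]
    decoded = unquote(path)
    # Refuse double encoding, backslashes and control characters rather than
    # guess how the backend would interpret them.
    if "%" in decoded or "\\" in decoded or any(ord(c) < 0x20 for c in decoded):
        return None
    if not decoded.startswith("/"):
        return None
    return posixpath.normpath(decoded)  # resolves "." and ".." segments


def route(request_target: str) -> Optional[str]:
    """Return the canonical path to forward, or None to answer 403 (default deny)."""
    path = canonical_path(request_target)
    if path is None:
        return None
    match = _SITE_ENDPOINT.match(path)
    if match is None or match.group(1) not in ALLOWED_SEGMENTS:
        return None  # unfiltered /graphql, /caas/v1/..., /actuator/..., other sites
    return path


if __name__ == "__main__":
    # Constructed request targets.
    for target in ("/corporate-de-de/graphql", "/graphql",
                   "/corporate-de-de/%2e%2e/graphql", "/other-brand/graphql"):
        print(f"{target!r:40} -> {route(target)!r}")
```

Forward the returned canonical path (plus the original query string) rather than the raw request target, so the Headless Server sees exactly the path that was checked.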