loading table of contents...

3.4. Advanced Preview Configuration

In case of a separate deployment, security can be improved even further by configuring a whitelist of valid Studio URLs in the preview CAE web application. This is done via the pbe.studioUrlWhitelist property in the WEB-INF/application.properties file of the preview CAE web application. If left empty, all URLs are considered valid.

In the opposite direction, it is possible to configure a whitelist of valid preview URLs in Studio (including protocol, host and port). This is done via the studio.previewUrlWhitelist property in the WEB-INF/application.properties file of the Studio web application. If left empty, the only valid preview URL is the one that is determined based on the studio.previewUrlPrefix property (that is, the given preview URL or the Studio URL itself if a relative preview URL prefix is given). When configuring valid preview URLs it is possible to use wildcards as in the following example:

studio.previewUrlWhitelist=https://host1:port1, https://host2:port2, http://localhost*, *company.com

Note, that once a preview URL whitelist is configured, CoreMedia Studio has no chance to set a target origin in outgoing messages anymore. Be aware that this is a minor security drawback.

In case of a separate deployment, enabling Elastic Social tenants in the embedded preview requires including a placeholder in the aforementioned studio.previewUrlPrefix key of the property file WEB-INF/application.properties. The CoreMedia Studio then replaces the token with the current tenant. In a CoreMedia Blueprint related project, this could be:

studio.previewUrlPrefix=http://{0}.localhost:40081/blueprint/servlet