Sitecore Box

Sitecore web developer at Americaneagle.com

Media Request Protection and Security



Introduction

Media request protection feature introduced by Sitecore in version 7.5 to restricts media URLs that contain dynamic image-scaling parameters so that only server-generated requests are processed. This ensures that the server only spends resources and disk space on valid image scaling requests.

You can turn on/off this feature by updating the value for this setting item :


When the feature is enabled, Sitecore automatically signs image URLs that are rendered by the pipeline and adds a hash value to the query string. When processing an incoming media request, image resizing/scaling is skipped if any of the relevant query string parameters in the image URL have been altered or any extra resizing parameters have been appended to the URL. In these cases, Sitecore returns the original, unaltered image. Requests for the original image (without any resizing/scaling parameters) work as usual and are not restricted.

Turning off this feature may cause a high disk space consumption so be careful when disabling this feature.

Known Issue Error

Using the media items inside the Rich text editor field and render the field using field value directly " ex : @Html.Raw(item.Fields["Body"].ToString())" does not process its value through Sitecore's field rendering pipelines. This prevents expansion of links, generating hash and other dynamic features. In this case, Sitecore would not validate whether the media link was rendered by Sitecore or was modified by a visitor and may cause a lot of error messages inside log files such as the below one:


"MediaRequestProtection: An invalid/missing hash value was encountered The expected hash value: ............."

Solution

To resolve this issue, please consider using Sitecore's MVC helper method to generate markup of a field: @Html.Sitecore().Field("Body", item)

0 comments:

Post a Comment