SecureAEM
SecureAEM copied to clipboard
wttech
Do some research on the Internet if there are any new rules worth implementing.
Currently, the "globalConfig"-node is used to store configuration regarding the usernames/passwords and urls of the AEM instances. This should be replaced by OSGi configuration, as this is the common way...
Tested locally on AEM 6.1 - 6.4
Make the secure aem icon available from: http://localhost:4502/aem/start.html Security tab: 
Refactor SlingReferrerFilterTest to avoid NPE when filter is not configured https://github.com/Cognifide/SecureCQ/issues/29
When there is no ReferrerFilter config call for > /system/console/configMgr/org.apache.sling.security.impl.ReferrerFilter.json returns response with empty list of configs `[]` which causes NPE: 
It should leverage the OSGi framework instead.
` ` It will always overwrite any nodes that are added in the /etc/secureaem path.
SecureCQ version: 1.3.1  At the same time ``` $ curl -v https://dev.example.com/system/console/ -o /dev/null ... > GET /system/console HTTP/1.1 > Host: dev.example.com > User-Agent: curl/7.53.1 > Accept: */* >...
