latest files from archetype 47

changes.xml

@@ -24,7 +24,7 @@
   <body>
 
     <release version="2.0.4" date="not released">
-      <action type="update" dev="sseifert">
+      <action type="update" dev="sseifert" issue="91">
         Role aem-dispatcher-cloud: Sync with default dispatcher configuration from Adobe AEM project archetype 40 to 47.
       </action>
     </release>

conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/available_vhosts/default.vhost

@@ -60,12 +60,6 @@ Include conf.d/variables/custom.vars
 
 		# Rewrite index page internally, pass through (PT)
 		RewriteRule "^(/?)$" "/index.html" [PT]
-	</IfModule>
 
-    # Content Services/Sling Model Exporter: Cache for 5min with background refresh 1h on browser and 12h on CDN to avoid MISS
-    <LocationMatch "^/content/.*\.model\.json$">
-       Header set Cache-Control "max-age=300,stale-while-revalidate=3600" "expr=%{REQUEST_STATUS} < 400"
-       Header set Surrogate-Control "stale-while-revalidate=43200,stale-if-error=43200" "expr=%{REQUEST_STATUS} < 400"
-       Header set Age 0
-    </LocationMatch>
+	</IfModule>
 </VirtualHost>

conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/dispatcher_vhost.conf

@@ -14,11 +14,11 @@ Include conf.d/variables/global.vars
 # WARNING!!! The probe paths below are INTERNAL and RESERVED - please DO NOT USE them in your virtual host configurations!
 
 # Liveness probe URL
-Alias "/system/probes/live" /etc/httpd/probes/live-status.json
+Alias "/system/probes/live" probes/live-status.json
 # Readiness probe URL
-Alias "/system/probes/ready" /etc/httpd/probes/ready-status.json
+Alias "/system/probes/ready" probes/ready-status.json
 # Startup probe URL
-Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
+Alias "/system/probes/start" probes/startup-status.json
 
 # internal probes endpoint
 <LocationMatch "/system/probes">
@@ -54,31 +54,18 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
     </LocationMatch>
 </IfDefine>
 
-# SITES-5185 - Ensure all GraphQL Queries to production publisher are using Persistent Queries and not direct query requests
-<IfDefine ENVIRONMENT_PROD>
-    SSLProxyEngine on
-    <LocationMatch "^/content/_cq_graphql/.*/endpoint.json$">
-        RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^$ [OR]
-        RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^false$
-        RewriteRule ^/(.*)$ - [R=404,L]
-    </LocationMatch>
-</IfDefine>
-<IfDefine ENVIRONMENT_STAGE>
-    SSLProxyEngine on
-    <LocationMatch "^/content/_cq_graphql/.*/endpoint.json$">
-        RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^$ [OR]
-        RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^false$
-        RewriteRule ^/(.*)$ - [R=404,L]
-    </LocationMatch>
-</IfDefine>
-
 # If the module loads correctly then apply base settings for the module
 <IfModule disp_apache2.c>
 	# location of the configuration file. eg: 'conf/dispatcher.any'
 	DispatcherConfig conf.dispatcher.d/dispatcher.any
 
 	# Format for the dispatcher log file
-	LogFormat "%t \"%m %{dispatcher:uri}e%q %H\" %{dispatcher:status}e %{dispatcher:cache}e [%{dispatcher:backend}e] %{ms}Tms \"%{Host}i\"" dispatcher
+	<IfDefine !LOG_X_REQUEST_ID>
+		LogFormat "%t \"%m %{dispatcher:uri}e%q %H\" %{dispatcher:status}e %{dispatcher:cache}e [%{dispatcher:backend}e] %{ms}Tms \"%{Host}i\"" dispatcher
+	</IfDefine>
+	<IfDefine LOG_X_REQUEST_ID>
+		LogFormat "%t \"%m %{dispatcher:uri}e%q %H\" %{dispatcher:status}e %{dispatcher:cache}e [%{dispatcher:backend}e] %{ms}Tms \"%{Host}i\" \"%{x-request-id}i\"" dispatcher
+	</IfDefine>
 	CustomLog "| /usr/sbin/rotatelogs -e -f -t logs/dispatcher.log 86400" dispatcher "expr=%{HANDLER} == 'dispatcher-handler'"
 
 	# Log level for the dispatcher module
@@ -116,20 +103,23 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 	Header unset Age
 </IfDefine>
 
-# SITES-3659 Prevent re-encodes of URLs sent to GraphQL Persisted Queries API endpoint
-<LocationMatch "/graphql/execute.json/.*">
-    ProxyPassMatch http://${AEM_HOST}:${AEM_PORT} nocanon
-</LocationMatch>
+# SITES-11040 Do ProxyPassMatch, if caching for GraphQL Persisted Queries is not enabled
+<IfDefine !CACHE_GRAPHQL_PERSISTED_QUERIES>
+    # SITES-3659 Prevent re-encodes of URLs sent to GraphQL Persisted Queries API endpoint
+	<LocationMatch "/graphql/execute.json/.*">
+        ProxyPassMatch http://${AEM_HOST}:${AEM_PORT} nocanon
+	</LocationMatch>
+</IfDefine>
 
-# (legacy) Allow ingressroute checks through on /systemready (regardless of dispatcher filters)
+# Legacy /systemready mapped to new Health probe URL /system/probes/health in AEM
 <Location "/systemready">
-	ProxyPass http://${AEM_HOST}:${AEM_PORT}/systemready
+	ProxyPass http://${AEM_HOST}:${AEM_PORT}/system/probes/health
 	RewriteEngine Off
 </Location>
 
-# new Health probe URL to legacy /systemready URL mapping
+# Allow ingressroute checks through on /system/probes/health (regardless of dispatcher filters)
 <Location "/system/probes/health">
-	ProxyPass http://${AEM_HOST}:${AEM_PORT}/systemready
+	ProxyPass http://${AEM_HOST}:${AEM_PORT}/system/probes/health
 	RewriteEngine Off
 </Location>
 
@@ -154,6 +144,9 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 		ProxyPassMatch   ${COMMERCE_ENDPOINT}$2
 		ProxyPassReverse ${COMMERCE_ENDPOINT}
 		RewriteEngine 	 Off
+		# CIF-2971: Experience Platform Connector cookie to header forwarding
+		SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
+		RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
 	</LocationMatch>
 </IfDefine>
 <IfDefine COMMERCE_ENDPOINT_2>
@@ -165,6 +158,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 		ProxyPassMatch   ${AEM_COMMERCE_ENDPOINT_2}$2
 		ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_2}
 		RewriteEngine 	 Off
+		SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
+		RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
 	</LocationMatch>
 </IfDefine>
 <IfDefine COMMERCE_ENDPOINT_3>
@@ -176,6 +171,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 		ProxyPassMatch	 ${AEM_COMMERCE_ENDPOINT_3}$2
 		ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_3}
 		RewriteEngine 	 Off
+		SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
+		RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
 	</LocationMatch>
 </IfDefine>
 <IfDefine COMMERCE_ENDPOINT_4>
@@ -187,6 +184,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 		ProxyPassMatch	 ${AEM_COMMERCE_ENDPOINT_4}$2
 		ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_4}
 		RewriteEngine 	 Off
+		SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
+		RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
 	</LocationMatch>
 </IfDefine>
 <IfDefine COMMERCE_ENDPOINT_5>
@@ -198,6 +197,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 		ProxyPassMatch	 ${AEM_COMMERCE_ENDPOINT_5}$2
 		ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_5}
 		RewriteEngine 	 Off
+		SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
+		RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
 	</LocationMatch>
 </IfDefine>
 
@@ -215,7 +216,7 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 </Directory>
 
 # internal metadata endpoint
-Alias "/gitinit-status" /etc/httpd/metadata/gitinit-status.json
+Alias "/gitinit-status" metadata/gitinit-status.json
 
 <LocationMatch "/gitinit-status">
     RewriteEngine Off
@@ -227,6 +228,50 @@ Alias "/gitinit-status" /etc/httpd/metadata/gitinit-status.json
     Require expr "%{HTTP_HOST} == '${POD_NAME}'"
 </Directory>
 
+# Dedicated vhost for EaaS:
+# (currently disabled, but customers can expect it to be enabled in future versions - CQ-4349728)
+#<VirtualHost *:80>
+#	ServerName	"test.eaas"
+#	# possibility to make overrides before directives in this vhost
+#	IncludeOptional conf.d/includes/first-listed-vhost.pre.includes
+#	# since this vhost is first-listed one, this setting influences other vhosts - see https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfieldsize
+#	LimitRequestFieldSize 32768
+#	DocumentRoot /var/www/localhost/htdocs
+#	AllowEncodedSlashes NoDecode
+#	<IfModule mod_headers.c>
+#		Header add X-Vhost "test.eaas"
+#	</IfModule>
+#	<Directory "/var/www/localhost/htdocs">
+#		Options Indexes FollowSymLinks
+#		AllowOverride None
+#		Require all granted
+#	</Directory>
+#
+#	# SKYOPS-49434: Allow EaaS to access publish instance directly for dev and stage environments when test.eaas vhost is requested
+#	<IfDefine ENVIRONMENT_DEV>
+#		<LocationMatch "/">
+#			ProxyPassMatch http://${AEM_HOST}:${AEM_PORT}
+#			RewriteEngine Off
+#		</LocationMatch>
+#	</IfDefine>
+#	<IfDefine ENVIRONMENT_STAGE>
+#		<LocationMatch "/">
+#			ProxyPassMatch http://${AEM_HOST}:${AEM_PORT}
+#			RewriteEngine Off
+#		</LocationMatch>
+#	</IfDefine>
+#	# 403 Forbidden on prod
+#	<IfDefine ENVIRONMENT_PROD>
+#		<IfModule mod_rewrite.c>
+#			RewriteEngine	on
+#			RewriteRule ^ - [F]
+#		</IfModule>
+#	</IfDefine>
+#	# possibility to make overrides after directives in this vhost
+#	IncludeOptional conf.d/includes/first-listed-vhost.post.includes
+#</VirtualHost>
+
+# Customer's vhosts:
 Include conf.d/enabled_vhosts/*.vhost
 
 # Create a catch-all vhost

conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/rewrites/default_rewrite.rules

@@ -38,6 +38,6 @@ RewriteRule .* - [F]
 # Block wp-login
 RewriteRule ^.*wp-login - [F,NC,L]
 
-# Allow caching of persisted queries
+# Allow the dispatcher to be able to cache persisted queries - they need an extension for the cache file
 RewriteCond %{REQUEST_URI} ^/graphql/execute.json
-RewriteRule ^/(.*)$ /$1;.json [PT,L]
+RewriteRule ^/(.*)$ /$1;.json [PT]

conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/rewrites/rewrite.rules

@@ -20,5 +20,6 @@ RewriteCond %{REQUEST_URI} !^/saml_login
 RewriteCond %{REQUEST_URI} !^/system
 RewriteCond %{REQUEST_URI} !^/tmp
 RewriteCond %{REQUEST_URI} !^/var
+RewriteCond %{REQUEST_URI} !^/conf/(.+\.jpe?g|.+\.png|.+\.svg)$
 RewriteCond %{REQUEST_URI} (.html|.jpe?g|.png|.svg)$
 RewriteRule ^/(.*)$ /content/${CONTENT_FOLDER_NAME}/$1 [PT,L]

conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/variables/global.vars

@@ -22,11 +22,18 @@
 #
 # Define REWRITE_LOG_LEVEL Warn
 
-
 # Disable default caching headers
 #
 # The following headers are set by default dispatcher configuration Expires, Cache-Control, Age.
 # If you uncomment and define DISABLE_DEFAULT_CACHING variable these headers are not set any more
 # and you can fully customize the caching behavior.
 #
 # Define DISABLE_DEFAULT_CACHING
+
+# Enable caching for GraphQL persisted queries
+#
+# By default, GraphQL persisted query responses are not cached in dispatcher.
+# If you uncomment and define CACHE_GRAPHQL_PERSISTED_QUERIES variable, then persisted query results
+# will be cached in dispatcher. Using CORS, in that case, will require additional dispatcher configuration.
+#
+# Define CACHE_GRAPHQL_PERSISTED_QUERIES

conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.dispatcher.d/available_farms/default.farm

@@ -91,11 +91,11 @@
 		# well as general marketing related parameters such as e.g. utm_campaign.
 		# Marketing parameters can normally be ignored on most websites as they are tracked
 		# through different means. 
-		/ignoreUrlParams {
-			/0001 { /glob "*" /type "deny" }
+		# /ignoreUrlParams {
+		# 	/0001 { /glob "*" /type "deny" }
 		# 	/0002 { /glob "q" /type "allow" }
-		#	$include "../cache/marketing_query_parameters.any"
-		}
+		# 	$include "../cache/marketing_query_parameters.any"
+		# }
 
 		# Cache response headers next to a cached file. On the first request to
 		# an uncached resource, all headers matching one of the values found here

conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.dispatcher.d/filters/default_filters.any

@@ -97,4 +97,7 @@
 /0061 { /type "allow" /method '(GET|POST|OPTIONS)' /url "/graphql/execute.json*" }
 
 # Allow Forms Document Services requests
-/0062 { /type "allow" /method "POST" /url "/adobe/forms/*" }
+/0062 { /type "allow" /method '(GET|POST)' /url "/adobe/forms/*" }
+
+# Allow PUT for Forms DocAssurance Services Decryption API
+/0063 { /type "allow" /method "PUT" /url "/adobe/forms/document/assure/encrypt" }