Customizing securemode-urls.xml
The SecureSample applications that are installed with KCM ComposerUI ASP.NET contain an example securemode-urls.xml. This file displays the URLs that must be exposed for the SecureSample application to function properly. We recommend that the developer always modifies securemode-urls.xml to expose only the URLs that are required by the specific application, when building based on the SecureSample custom application. This may involve exposing additional URLs, but we also recommend removal of any URLs that are not required by the custom application. The following list contains URLs that are provided by KCM ComposerUI ASP.NET and that may need to be exposed or unexposed. The column Exposed by default? indicates whether or not a URL is exposed in the default configuration of SecureSample.
| URL | Exposed by default? | Description |
|---|---|---|
| /download.aspx
/opendocument.aspx |
Yes | Required when PDF previews are used. |
|
/textblockview.aspx
/viewtextblock.aspx |
Yes | Required when Text Block preview is used. |
|
/xml2html.aspx
/html2xml.aspx /editorpage.aspx /fieldimage.aspx |
Yes | Required when Editable Text Block Questions are used in dynamic forms, or when TEXTBLOCK questions are used in FORM statements in KCM Master Templates. |
| /empty.aspx | Yes | Required by the sample applications to display an empty frame. |
| /upload.aspx | Yes | Required when FILE questions are used in FORM statements in KCM Master Templates, and when the ActiveX file upload control is enabled. |
| /modelbegin.aspx | Yes | This is a customizable page, the starting point for all Master Templates runs. |
| /runmodel.aspx | Yes | Required for all Master Templates runs. |
| /modelend.aspx | Yes | This is a customizable page, the end point for all Master Templates runs. |
| /modelsuspend.aspx | No | This is a customizable page, which is loaded when the end user uses the button Suspend. The default implementation sends the suspended Master Template run information to the web user as a downloadable file. |
| /modelresume.aspx | No | This is a customizable page, which can be used to resume a Master Template run that was suspended by the page modelsuspend.aspx. The default implementation allows the user to upload a file containing Master Template run information. This is considered a security risk, so the page is not exposed by default. |
| /modelselect.aspx | Yes | This is a customizable page, the starting point for all Master Template lists. |
|
/listmodels.aspx
/openfolders.aspx /modelselected.aspx |
Yes | Required for Master Templates lists, used by the default implementation of modelselect.aspx. |
|
*.js
*.png *.gif *.jpg *.htm *.html *.css |
Yes | KCM ComposerUI ASP.NET ships files with these extensions that should be available through the web. Because files with these extensions are normally public web content, they are exposed by default in the sample applications. |
When exposing custom content through securemode-urls.xml, we recommend to be as specific as possible. The reason for this is that KCM ComposerUI ASP.NET may ship files that should not be exposed, and they could be inadvertently exposed when an overly broad pattern is used. For instance, it is not wise to expose the patterns "*.xsl" or "*.xml", because they expose various internal KCM ComposerUI files. However, it is acceptable to expose the more limited "/myfolder/*.xml".