Vulnerability in EPiServer.Forms
Is there a way to disable Simple Address from CMS (Version 9.3.3)?
I found in some topics something like add a configuration under Episerver tag in web.config
However it didn't worked for me. The field still exists in the CMS Editor. I presume urlRewrite doesn't exists on version 9 (refering to http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Configuration/Configuring-episerver/)
Thanks in advance
Hello Antonio is your requirement simply to hide the simple address in the editor UI?
If this is the case then you can hide the simple URL with the following code:
[EditorDescriptorRegistration(TargetType = typeof(ContentData))]
public class RestrictedUserEditorDescriptor : EditorDescriptor
public override void ModifyMetadata(ExtendedMetadata metadata, IEnumerable<Attribute> attributes)
foreach (ExtendedMetadata property in metadata.Properties)
if (property.PropertyName == "PageExternalURL")
property.ShowForEdit = false;
Hi David. Thanks for your reply.
My requirement is to disable the functionality.
With your solution I'm just hiding the field, right?
Where can I add the config to disable it?
Hello Antionio by hiding the field editors can't create simple URLs so it is effectively disabled.
Is there a specific reason why you need to disable the functionality rather than just stop editors from using it?
I'm not sure if its possible to disable it in config.
Simple address handling is registered as a separate route in RouteCollection.Routes. So you can override RegisterRoutes in global.asax.cs and there first call base.RegisterRoutes and then afterwards remove the ContentRoute that is named "simpleaddress" from RouteCollection.Routes.