ContextMode inside filter


We have a filter that configures NWebSec security headers on the response and is to be applied only when not in edit or preview. Trying to find a good way of controlling wether the request is from edit/preview or not.

The only working solution I have at the moment is to pickup the uiUrl parameter from the configuration and check if that part exists in the current Request, like this:

 var uiUrl = EPiServer.Configuration.Settings.Instance.UIUrl.ToString().Replace("~", string.Empty).ToLower().Split('/')[0];
                var currentUrl = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path).ToLower();
                isInEditMode = currentUrl.Contains($"/{uiUrl}/");

I also tried the ContextModeResolver inside my FilterProvider GetFilters method, like this:


But it turns out that all requests that EPiserver does inside the edit mode that has to do with setting up the UI all have the Default mode and returns false to the check above. Only the request to load the specific preview of the page returns true. This makes the filter add headers to all Episerver requests thus making the EditUI to fail and not load correct.

Is there a better way to apply this filter to requests outside of the EditUI than to check the current url for UIUrl key?

Sep 06, 2018 13:39

Internally within CMS we have method that does pretty much as your code to determine if a request is for cms edit UI. The code looks like:

private bool IsEditUiRequest(UrlBuilder url)
            if (url?.Path == null)
                return false;

            return url.Path.StartsWith(_moduleResourceResolver.ResolvePath("CMS", null), StringComparison.OrdinalIgnoreCase);

_moduleResourceResolver is an instance of EPiServer.Framework.Modules.IModuleResourceResolver (you can get it from IOC container). 

There is also an way to determine if the request is for a system directory using the "old" static property EPiServer.Web.HttpRequestSupport.IsRequestSystemDirectory. Where a system directory is considered something within the protected modules part (where e.g. CMS edit is) or Util folder-.

Sep 11, 2018 8:42
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.