November Happy Hour will be moved to Thursday December 5th.

SelectionQuery store requests yield 404 in DXP

Ted
Ted
Vote:
 

We experience SelectionQuery REST store requests failing in DXP.

We have a property like:

[AutoSuggestSelection(typeof(VimeoVideoSelectionQuery))]
public virtual string? VideoUrl { get; set; }

Searches work fine both locally and in DXP, with requests URLs like: /EPiServer/Shell/stores/selectionquery/Features.Video.Vimeo.VimeoVideoSelectionQuery/?name=foo*

However, the autocomplete textbox doesn't retain its value in the UI, because store requests for the current value fail with a 404: /EPiServer/Shell/stores/selectionquery/Features.Video.Vimeo.VimeoVideoSelectionQuery/https%3a%2f%2fvimeo.com%2f310066821%2fab94f36985

The value of the selected item in this case is an encoded URL. Without encoding the URL value, the request fails both locally and on DXP (which makes perfect sense).

But since it works locally with an encoded URL value, I think it should work in DXP as well. The only obvious difference is DXP being behind Cloudflare.

I really wish the value would be included in the request body rather than the URL for the store request, but for now I'm trying to figure out why this works locally but not in DXP.

Any bright ideas? :)

#308827
Sep 21, 2023 8:59
Vote:
 

Hi Ted

I had a similar issue some months ago, where a script tag could not be saved in a text property. Cloudflare WAF blocked the POST request because it triggered their XSS blocking rules.

DXP Support solved it by disabling WAF for "/episerver/cms/stores/*" requests. Might be worth trying.

#309396
Sep 23, 2023 22:24
Ted - Sep 25, 2023 7:23
Thanks for the tip, Stefan! I don't *think* that would result in a 404, but it might be worth looking into.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.