Setting Up Sitecore Reflection authorization for the connector methods

  2 minute read  

As from June 20, 2023. According to the security meassures applied by Sitecore, and described in the Security Bulletin SC2023-003-587441. Sitecore configuration requires adding an explicit list of the connector methods that are allowed to be invoked using reflection.

To prepare Sitecore to allow the connector methods being invoked using reflection:
  1. Open Sitecore.Reflection.Filtering.config for editing.
  • In Sitecore 8.x, this file is in the following location: \Website\App_Config\Include.
  • In Sitecore 9.x and above, this file is in the following location: \App_Config\Sitecore\CMS.Core.
  1. Add the explicit inclusion of the connector methods as following:

<configuration xmlns:role="http://www.sitecore.net/xmlconfig/role/" xmlns:security="http://www.sitecore.net/xmlconfig/security/" xmlns:patch="http://www.sitecore.net/xmlconfig/">
<sitecore>
<reflection>
<allowedMethods>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="Add_Branch_Click" assemblyName="ClayTablet.SC" hint="CT3Add_Branch_Click"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="Add_Item_Support_Click" assemblyName="ClayTablet.SC" hint="CT3Add_Item_Support_Click"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="Add_Rootonly_Click" assemblyName="ClayTablet.SC" hint="CT3Add_Rootonly_Click"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="OnFieldClicked" assemblyName="ClayTablet.SC" hint="CT3OnFieldClicked"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="OnSourceChanged" assemblyName="ClayTablet.SC" hint="CT3OnSourceChanged"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="Add_Branch_Support_Click" assemblyName="ClayTablet.SC" hint="CT3Add_Branch_Support_Click"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="Remove_Branch_Click" assemblyName="ClayTablet.SC" hint="CT3Remove_Branch_Click"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="CreationDateFilter_ClearFilter" assemblyName="ClayTablet.SC" hint="CT3CreationDateFilter_ClearFilter"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="ModificationDateFilter_ClearFilter" assemblyName="ClayTablet.SC" hint="CT3ModificationDateFilter_ClearFilter"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="PublishFilter_ClearFilter" assemblyName="ClayTablet.SC" hint="CT3PublishFilter_ClearFilter"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="OnSelectAllToggle" assemblyName="ClayTablet.SC" hint="CT3OnSelectAllToggled"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="OnUnSelectBranchFromTree" assemblyName="ClayTablet.SC" hint="CT3OnUnSelectBranchFromTree"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="OnRemoveItems" assemblyName="ClayTablet.SC" hint="OnRemoveItems"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="OnChangeSendTo" assemblyName="ClayTablet.SC" hint="CT3OnChangeSendTo"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="OnSelectBranchFromTree" assemblyName="ClayTablet.SC" hint="CT3OnSelectBranchFromTree"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="RefreshSendStatus" assemblyName="ClayTablet.SC" hint="CT3RefreshSendStatus"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="OnItemUpdate" assemblyName="ClayTablet.SC" hint="CT3OnItemUpdate"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="OnChangeProvider" assemblyName="ClayTablet.SC" hint="CT3OnChangeProvider"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="chooseSelectItemByJob" assemblyName="ClayTablet.SC" hint="CT3chooseSelectItemByJob"/>
<descriptor type="ClayTablet.SC.CT3_BulkTranslation" methodName="sortJobsByDate" assemblyName="ClayTablet.SC" hint="CT3sortJobsByDate"/>
<descriptor type="ClayTablet.SC.CT3_AddFilter" methodName="OnFieldClicked" assemblyName="ClayTablet.SC" hint="CT3AFOnFieldClicked"/>
<descriptor type="ClayTablet.SC.CT3_AddFilter" methodName="OnOptionFieldClicked" assemblyName="ClayTablet.SC" hint="CT3AFOnOptionFieldClicked"/>
<descriptor type="ClayTablet.SC.ItemTnsStatusForm" methodName="OnClickReload" assemblyName="ClayTablet.SC" hint="CT3ITSFOnClickReload"/>
<descriptor type="ClayTablet.SC.CT3_Translation" methodName="OnChangeSendTo" assemblyName="ClayTablet.SC" hint="CT3Translation_OnChangeSendTo"/>
<descriptor type="Sc.ClayTablet.WorkboxEx.ExWorkboxForm" methodName="LanguageChange" assemblyName="Sc.ClayTablet.WorkboxEx" hint="CT3LanguageChange"/>
<descriptor type="Sc.ClayTablet.WorkboxEx.ExWorkboxForm" methodName="SortChange" assemblyName="Sc.ClayTablet.WorkboxEx" hint="CT3SortChange"/>
<descriptor type="Sc.ClayTablet.WorkboxEx.ExWorkboxForm" methodName="OrderChange" assemblyName="Sc.ClayTablet.WorkboxEx" hint="CT3OrderChange"/>
<descriptor type="ClayTablet.SC.CT3_Translation" methodName="OnChangeLng" assemblyName="ClayTablet.SC" hint="CT3Translation_OnChangeLng"/>
<descriptor type="ClayTablet.SC.CT3_Translation" methodName="OnChangeProvider" assemblyName="ClayTablet.SC" hint="CT3Translation_OnChangeProvider"/>
<descriptor type="ClayTablet.SC.CT3_BatchTmUpdate" methodName="RefreshPrepStatus" assemblyName="ClayTablet.SC" hint="CT3RefreshPrepStatus"/>
</allowedMethods>
</reflection>
</sitecore>
</configuration>
  1. Save your changes.