Siteimprove.Plugins.Sitefinity 3.0.0

Supported for Sitefinity 15.1.8321 and above

Add to Sitefinity

1. Open your Sitefinity solution in Visual Studio
2. Install the Plugin via NuGet package. Use the Nuget Package Manager or simply execute the followingcommand Install-Package -Id Siteimprove.Plugins.Sitefinity targeting your main Sitefinityweb project
3. Build the solution in Visual Studio
4. Run the project and ensure the module is installed by going to “Administration > Modules & Services”

Configure the Plugin

If you are using the Sitefinity Web Security module (https://www.progress.com/documentation/sitefinity-cms/web-security-module), it will not block all external scripts by default. That applies for the ones Siteimprove needs to load its overlay. To enable the plugin from the WebSecurity module:

1. In the Sitefinity backend, go to “Administration > Settings > Siteimprove”
2. Scroll down to the “Web Security Settings” section and click “Allow Siteimprove Scripts”

Advanced Options

The Siteimprove Plugin has the following configuration options, which are located under Settings > Advanced Settings > Siteimprove

Log Activity in the Browser Console

Checking this setting to True, will generate logs in the browser console, so that you can monitor the activity of the plugin. Useful for debugging on just ensuring that it works as expected.

Script Url

With this settings, you can configure the Url for the main script that will be used by Siteimprove to load its libraries. By default, the Url should be https://cdn.siteimprove.net/cms/overlay.js

Api Tokens

This section aggregates token/domain pairs needed to speak to the Siteimprove's API. The Plugin will automatically generate the token/domain entries if a token for the current domain is missing:

• Domain - Domain managed in Siteimprove and served by Sitefinity, i.e. https://www.mydomain.com
• Token - The Api token that will be used by Siteimprove to manage the respective domain, i.e. 8669723c3a4e475cbe2b303b690a3db6. It is auto generated by Siteimprove

Going Live

• You will need the plugin installed and activated only on the Sitefinity nodes where the backend will be accessed and content publishing operations will be executed. Since it is only visible to backend users as they browse the backend, it is simply doesn't needed on pure frontend nodes
• The Plugin follows the Siteimprove integration guidelines and generates API tokens for each domain included in the Siteimprove optimization services. By default those API tokens are going to be persisted in the App_Data/Sitefinity/Configuration/SiteimproveConfig.config file located in your Sitefinity project and it will look something like this:

<?xml version="1.0" encoding="utf-8"?>
<siteimproveConfig xmlns:config="urn:telerik:sitefinity:configuration" xmlns:type="urn:telerik:sitefinity:configuration:type" config:version="10.2.6600.0" logActivityInTheConsole="True">
	<tokens>
		<add token="37bf8cd59acd4f07a53cfeae8e45a853" domain="https://your.public-domain.com" />
		<add token="4df27be12550451086r0950da941e4c2" domain="https://your.other-public-domain.com" />
	</tokens>
</siteimproveConfig>

Thus, it is recommended to include the API tokens in your configuration transformation and environmental variables and to also generate the tokens ahead of time prior to deployment. This applies especially for Load Balanced and Cloud setups where multiple servers can operate as Sitefinity backend nodes.

If the Plugin cannot resolve the API tokens for a given domain, it will use the Siteimprove external API to fetch them and upon successful fetching will store them in the SiteimproveConfig.config.

• Ensure that the web server can reach the following two Urls, on which the Siteimprove's API is being used to request tokens and recheck operations: ⋅⋅* https://api-gateway.siteimprove.com/cms-recheck ⋅⋅* https://my2.siteimprove.com/auth/token

Troubleshooting

In case of errors, the plugin will provide verbose error logging using the Sitefinity default error logger. In case you are monitoring its production performance or are trying to troubleshoot its behavior, your should check the Sitefinity error logs for details.

Security

Since Sitefinity 11, there is the Web Security Module, which runs alongside with Sitefinity. The module enforces many security rules, which control the resources that the user agent is allowed to load. It specifies the server origins and script endpoints for page resources.

During inital installation or upgrade, the Siteimprove Plugin should programatically modify those values, so that the required scripts are allowed to be loaded onto the Sitefinity pages. If for some reason, this operation is not succesffull, you may see "Content-Security-Policy" error in the browser.

In case of Content-Security-Policy error, ensure that the correct values are added in the WebSecurity section in the advanced configuration. Go to Settings > Advanced Settings > WebSecurity > HttpSecurityHeaders > Response Headers > Content-Security-Policy. Content-Security-Policy HTTP header controls the resources that the user agent is allowed to load. The Http header value contains semicolon delimited values for every resource type of the Content-Security-Policy header. Edit this value and ensure the resource types from below contain the following values:

• script-src contains https://cdn.siteimprove.net
• connect-src contains https://*.siteimprove.com
• child-src contains https://*.siteimprove.com

Save these settings.

For more information on the Web Security Module in Sitefinity, visit the official Sitefinity documentation

License

The code of this repository is licensed using MIT license.

Using the Siteimprove plugin falls under the Siteimprove CMS Plugin terms