230 results found
-
Regenerate Content Graph keys and secrets through Paas portal
Clients should have the ability to regenerate Content Graph keys and secrets in the self-service Paas portal.
6 votesGood news - this idea is now being explored by our product and design teams. We’re researching potential solutions and scoping out what an implementation might look like. We’ll share updates here as our thinking evolves.
-
Implement SRI attributes for injected JavaScript & Styles
The Optimizely PAAS CMS platform has multiple touchpoints where scripts are injected into the frontend UI. Examples include Optimizely Forms, Content Recommendations, Search & Navigation etc.
When these scripts are injected into the UI, they are not added with a Sub-resource Integrity attribute. An SRI check allows us to instruct the browser that it should not load a tampered version of a JS or CSS file and can protect users from man in the middle attacks. You can read more about SRI here: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
This is a commonly reported issue in penetration tests and clients are becoming increasingly more security…
10 votesThanks for raising this - just to let you know this is now in our backlog. While we can’t share an exact release date yet, this means it’s planned for consideration in the future. Thanks for helping us prioritize this work.
-
CMS Page Previews
When previewing unpublished pages in the CMS, nested blocks (such as unpublished child blocks within a parent block) do not display correctly at the page level, making it impossible for publishers to see the full layout and content as it will appear when published. This limitation forces the team to rely on the Advanced Review plugin, which does show all nested unpublished content but introduces extra steps and performance issues.
11 votes -
Site-specific Wastebaskets for multisite
As of now all sites share the same Wastebasket in a multisite. We need site-specific wastbaskets so that only the editors with access to a site (and wastebasket) can go to the site-specific wastebasket and delete content. Closing in to almost 100 sites with extreme amounts of data, our wastebasket is not possible to navigate - even for admins.
3 votes -
IP Address restriction in Cloudflare
It would be great if we could configure an IP Address whitelist in Cloudflare so that we only allow a specific set of source IP Addresses to be allowed to access our DXP instances. This will allow us to block public access to non-production environments
2 votes -
Access restricted for Specific user with expert import
We need to configure roles in Optimizely to grant specific users permission to use the Import and Export functionality.
Access must be restricted based on the users’ assigned business units. For example, if a user is assigned access only to Asteco, they should be able to perform import and export activities strictly within the business units (e.g., Asteco and Pactive) aligned with their permissions.
Users must not have visibility of or access to any other projects beyond their assigned business units.
3 votes -
App Insights alerts
Self-serve creation of alerts in App Insights based on specific thresholds exceeding a limit will help be proactive in responding to potential performance issues or other problems
11 votes -
Visual Builder: When changing style settings or property values in the outline panel, the left preview panel always refreshes
CMS SaaS: I have just converted my project from using @remkoj/optimizely-cms-nextjs to @optimizely/cms-sdk, but the live preview sync for style settings and property value updates is not as smooth as with @remkoj/optimizely-cms-nextjs.
Previously, my project worked very smoothly in Visual Builder mode. It only updated the element I changed and did not refresh the entire iframe.
However, after switching to @optimizely/cms-sdk, whenever I update anything, it always refreshes the preview iframe, resulting in a very poor user experience.
Is this expected behavior, or am I missing something?CMS 13: We’re seeing the same full iframe refresh issue on Optimizely CMS…
1 vote -
Copied pages to be Draft rather than Published by default
Global Digital Marketing Director.
When I copy and paste a page in the tree its status is always published or maybe it is the same of the page it is being copied from. I want to make the status of that page unpublished by default and then publish is manually later on, without requiring additional development work.
There have been other threads about this in the past eg https://world.optimizely.com/forum/developer-forum/CMS/Thread-Container/2018/5/copy-and-pasted-pages-always-have-published-status/
3 votes -
Disable Allowed Content Types Description in CMS 12 Edit View
In CMS 12 Episerver Edit interface we noticed a new feature: above all ContentArea fields, a description appears listing allowed content types (Refer attachment).We’d like to have this removed. It seems to add more confusion than clarity for our editors. We already enforce allowed content types using the [AllowedTypes] attribute in code, so displaying the full list in the UI—especially including unrelated options like Episerver Forms elements—is unnecessary and distracting.
This description wasn’t present in CMS 11, and we would prefer to maintain that cleaner editor experience.9 votes -
Add .NET Counter publication to App Insights on Startup
There are a whole suite of .NET counters available to use to publish to App Insights. This is a low-lift modification that enables us to gain many insights, directly inside of App Insights Metrics, we can utilize to diagnose issues on customers.
This enables us to do performance investigations that otherwise require manual intervention (such as downloading .ETL files and opening them in PerfView or capturing dump files and analyzing them).
We can skip these manual steps and jump write to "close to root causes" by publishing this information. There is little cost and no significant performance degradation associated with…
1 vote -
ease see the below request about deploying ‘Google Tag Gateway’ in Cloudflare which is not currently supported in DXP
We want to be able to deploy ‘Google Tag Gateway’ in Cloudflare which is not currently supported in DXP. This gets the Google tags to appear as first-party. The tag setup in GTM is otherwise the same and it should still obey the OneTrust cookie consent.
1 vote -
Add Custom .NET Core Event Counters to CMS
In order for development teams to identify development issues within their implementation they need to be able to see under the hood of their implementation and inspect the qualitative metrics of their implementation.
Additionally, within our production environment, we should have a variety of metrics available to us to diagnose the quality of an implementation. These metrics would help guide our investigation as the
Currently, this is missing and we have major issues with partner and customer implementations because of it and our MTTR within our production environments is protracted because of the lack of this information.
We also need…
1 vote -
Ability to smoke-test more than 1 site during smooth deploy (slot domains)
Ability to smoke-test more than 1 site during smooth deploy (slot domains)
As a CMS developer and QA specialist we want to be able to smoke-test multiple sites so that we can detect potential issues on all our sites during deployment with DXP Cloud Platform to our multi-site CMS platform.
When we deploy to PREP/PROD we get a temporary SLOT to run our smoke-tests against. For example:
https://projectidprep-slot.dxcloud.episerver.net/
https://projectidprod-slot.dxcloud.episerver.net/
These are the default URL provided by Optimizely and are configured on the first website. We would like to be able to smoke-test multiple sites on the SLOT instance.
We could…
5 votes -
25 Production Service Buses Broken
We need to define what "working" means for a service bus so that reliability engineering can maintain reliability based on these metrics.
When a service bus no longer functions, reliability engineering should be equipped with the capacity to upgrade service buses in order to meet a component-specific SLA.
We need product management to define what "working" means for a service bus so reliability engineering can respond appropriately when a service bus is "broken" rather than having to go back to PM as though we need a exception for every broken service bus.
We also need monitoring in place to ensure…
1 vote -
Assess binding settings to resolve resets
We need to evaluate whether setting the suggested Microsoft setting is worthwhile to resolve resets. As part of that effort, we would have to evaluate the risks of doing so.
1 vote -
Ensure Release Notes on nuget.optimizely.com
When navigating from a specific version of a DLL on nuget.optimizely.com. For example:
https://nuget.optimizely.com/packages/episerver.cms.ui.core/13.0.2
via the right-nav's Release Notes link that offers a filtered view of the packages, you see nothing in the filtered list.
Preferably, we should be eliminating this extra hop to have to click to the underlying page.
The release notes should be surfaced directly on the nuget.optimizely.com website so no further navigation is necessary.
Release notes for package should include an aggregation of all of the underlying changes' release notes.
This information should also be available within Visual Studio.
Without such information, developers can't know why…
1 vote -
Fix NuGet Search UI on world.optimizely.com
Many deficits exist within the NuGet portion of world.optimizely.com.
An effort should be made to rectify the UX experience within the site to:
- Make it more user friendly.
2.) Make it so that our NuGet search functionality works appropriately within production.
For example, you should be able to filter the UI not just by the package name, but the DLL. See - https://docs.developers.optimizely.com/content-management-system/docs/nuget-package-families-in-cms
1 vote -
Identify and Aid Customers with Production Live-Locks
There's the concept of a "dead" lock and a "live" lock. A live-lock is essentially a race condition within a production environment. It causes stair stepping of CPU usually until the server crashes.
This often happens when a developer accidentally uses a non-thread safe object in a multi-threaded manner.
The object (for example a HashSet) being used needs to be identified and a thread safe type needs to be replaced so that the live-lock goes away and the CPU goes back to normal.
1 vote -
Down-Sampling Service Bus App Insights
Much of the log analytics costs come from voluminous amounts of service bus activity that is largely useless for analytics purposes. We could generally use a fraction of the analytics and we would be just fine.
For diagnostic purposes, we generally need to inspect the contents of the service bus itself to identify problems.
1 vote
- Don't see your idea?