The latest XM Cloud release introduces a requirement to authenticate for access to the content management system’s (CMS) content and backend resources. Previously, some resources, including media assets uploaded to the XM Cloud Media Library, were publicly accessible through their media asset URLs without authentication.
This change does not affect XM Cloud customers who already follow implementation best practices, such as consuming XM Cloud content in production environments through Experience Edge only. However, if you currently access any content or backend resources through unauthenticated requests, we strongly recommend that you do the following before the November base image release.
Action required
Make sure you aren't accessing XM Cloud resources through the CMS; instead, consume them from Experience Edge.
If you need unauthenticated access to specific content or resources in the CMS, you can extend the XM Cloud allowlist rules by adding your URLs to the IgnoreRules configuration of the RequireAuthentication pipeline, as shown in the following example. Those URLs will then bypass the authentication requirement.
<processor type="Sitecore.Pipelines.HttpRequest.RequireAuthentication, Sitecore.Kernel" resolve="true">
<IgnoreRules hint="list:AddIgnoreRule">
</IgnoreRules>
</processor>