You are viewing the documentation for Blueriq 15. Documentation for other versions is available in our documentation directory.

Shortcuts

In a production environment shortcuts should be used instead of exposed flows. By default, all exposed flows can be started externally. Please read Create a shortcut in the Runtime on how to create a shortcut. Disabling starting all exposed flows can be done by setting the blueriq.production.shortcuts-only to true in application.properties.

Example in application.properties:

blueriq.production.shortcuts-only=true

AQ_StartProject

By default shortcuts can be accessed externally via the url (e.q. http://localhost:91/Runtime/server/start/<SHORTCUT_NAME>). When using shortcuts in combination with AQ_StartProject you should be aware that this shortcut can also be accessed externally. To prevent this from happening, you should set the property privateAccess to true. The reason for this is that via the AQ_StartProject, parameters are passed to the shortcut application and are picked up via the AQ_GetRequestParameters service. The AQ_GetRequestParameters does not distinguish on how parameters are send, by the AQ_StartProject service or the end user threw the URL. For more information about passing parameters via the AQ_StartProject, please read AQ_StartProject#Security.

Example shortcut in application.properties:

blueriq.shortcut.<SHORTCUT_NAME>.flow=<FLOW>
blueriq.shortcut.<SHORTCUT_NAME>.languageCode=<LANGUAGE>
blueriq.shortcut.<SHORTCUT_NAME>.project=<PROJECT>
blueriq.shortcut.<SHORTCUT_NAME>.theme=<THEME>
blueriq.shortcut.<SHORTCUT_NAME>.ui=<MVC>
blueriq.shortcut.<SHORTCUT_NAME>.version=<VERSION>
blueriq.shortcut.<SHORTCUT_NAME>.privateAccess=true

AQ_GetRequestParameters

The AQ_GetRequestParameters service is able to retrieve parameters from the URL. You should treat these parameters as "dirty", which means you should validate these parameters before using them.