How do I secure my hub?

Administrators use your hub's security settings to control which Cross-Origin Resource Sharing (CORS) trusted domains can access the content and assets stored in your hub. They can also set whether authentication is required to access some or all content in the delivery environment (CDN).

Cross-origin resource sharing

Your content composers create a wide range of content and assets, many of which are important commercial assets. You don't want just anyone to be able to retrieve these assets from your hub. This is why you need to carefully assign which domains can access your hub.

Note: The CORS support applies only to Acoustic Content API calls and not for accessing static resources.

Only add domains that require access to the content and assets stored in your hub, such as your web servers or your development environment. Only requests made using Cross-Origin Resource Sharing (CORS) are affected by this setting.

The domain format must be protocol://server:port where the protocol is either http or https, the server is either your server name or its IP address, and the port is the port number of your server. For example: http://my.domain.org:80

Pages and content authentication

From Settings > Administration > Security, a hub administrator can enable an option that gives composers a choice for requiring authentication for content and pages in the delivery environment.

With this option enabled, composers will find this security option in site manager as they create their page or from editing page settings on existing pages. Composers can also discover this security option as they create or edit individual content items.