From e17481ae99c375a2d724140e4d65c76972f975c7 Mon Sep 17 00:00:00 2001 From: Amit Singh Date: Wed, 17 Jul 2024 00:06:14 +0530 Subject: [PATCH 1/4] Added documentation for security restriction added in html2pdf operation --- src/pages/overview/pdf-services-api/howtos/create-pdf.md | 4 ++++ src/pages/resources/openapi.json | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/pages/overview/pdf-services-api/howtos/create-pdf.md b/src/pages/overview/pdf-services-api/howtos/create-pdf.md index 1035248c6..71e1f2112 100644 --- a/src/pages/overview/pdf-services-api/howtos/create-pdf.md +++ b/src/pages/overview/pdf-services-api/howtos/create-pdf.md @@ -30,6 +30,10 @@ following formats: If a Microsoft Word/PowerPoint input file has an embedded TrueType font, the output pdf will also contain the same embedded TrueType font. For more information, refer [Benefits of embedding custom fonts](https://support.microsoft.com/en-us/office/benefits-of-embedding-custom-fonts-cb3982aa-ea76-4323-b008-86670f222dbc#OfficeVersion=Windows). + + +We are implementing a new security validation that will impose restrictions on the conversion requests in which:
1. URL Scheme is not HTTPs.
2. Hostname resolves to non-routable IP Address (Private/Local/Link local, etc). This will also include cases which will include redirects with non-routable IP addresses. + Please refer the [API usage guide](../api-usage.md) to understand how to use our APIs. diff --git a/src/pages/resources/openapi.json b/src/pages/resources/openapi.json index 622035ae0..23056ec38 100644 --- a/src/pages/resources/openapi.json +++ b/src/pages/resources/openapi.json @@ -2079,7 +2079,7 @@ "Html to PDF" ], "summary": "Convert HTML Resources to a PDF File", - "description": "Creates PDFs from static/dynamic HTML or HTML(with inline CSS) or just a URL. It's a common scenario for enterprise to provide end users with a HTML template with form fields. In case of dynamic HTML this API allows you to capture the users unique data entries and then save it as PDF. Collected data is stored in a JSON file, and the source HTML file must include \\. You can also provide the URL of the HTML page in inputUrl parameter. However, creating PDF from URL is not supported in External Storage flow.", + "description": "Creates PDFs from static/dynamic HTML or HTML(with inline CSS) or just a URL. It's a common scenario for enterprise to provide end users with a HTML template with form fields. In case of dynamic HTML this API allows you to capture the users unique data entries and then save it as PDF. Collected data is stored in a JSON file, and the source HTML file must include \\. You can also provide the URL of the HTML page in inputUrl parameter. However, creating PDF from URL is not supported in External Storage flow.
We do not support the following conditions:
1. URL Scheme is not HTTPs.
2. Hostname resolves to non-routable IP Address (Private/Local/Link local, etc).This will also include cases which will include redirects with non-routable IP addresses.
", "operationId": "pdfoperations.htmltopdf", "parameters": [ { From 5e444c64ada57a0bc3ab48c3aaea222f5e8f6c08 Mon Sep 17 00:00:00 2001 From: Amit Singh Date: Wed, 17 Jul 2024 00:34:50 +0530 Subject: [PATCH 2/4] updated openapi.json path --- src/pages/apis/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/apis/index.md b/src/pages/apis/index.md index 1e5df79d7..3ec933c89 100644 --- a/src/pages/apis/index.md +++ b/src/pages/apis/index.md @@ -1,5 +1,5 @@ --- title: Adobe PDF Services Open API spec description: The OpenAPI spec for Adobe PDF Services API endpoints, parameters, and responses. -openAPISpec: https://raw.githubusercontent.com/AdobeDocs/pdfservices-api-documentation/main/src/pages/resources/openapi.json +openAPISpec: https://raw.githubusercontent.com/AdobeDocs/pdfservices-api-documentation/html2pdf-change-develop/src/pages/resources/openapi.json --- From ea6a9dab337347d64fd6e95251d18f01adb05100 Mon Sep 17 00:00:00 2001 From: Amit Singh Date: Thu, 18 Jul 2024 14:37:14 +0530 Subject: [PATCH 3/4] updated the validation description --- src/pages/overview/pdf-services-api/howtos/create-pdf.md | 2 +- src/pages/resources/openapi.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pages/overview/pdf-services-api/howtos/create-pdf.md b/src/pages/overview/pdf-services-api/howtos/create-pdf.md index 71e1f2112..19707b59b 100644 --- a/src/pages/overview/pdf-services-api/howtos/create-pdf.md +++ b/src/pages/overview/pdf-services-api/howtos/create-pdf.md @@ -32,7 +32,7 @@ For more information, refer [Benefits of embedding custom fonts](https://support -We are implementing a new security validation that will impose restrictions on the conversion requests in which:
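Review bot: The text added to the `description` of `pdfoperations.htmltopdf` lists two unsupported conditions but does not say which input they apply to or what the caller receives when a request hits one of them. The sentence before it introduces `inputUrl`, so the restriction could name it, e.g. `The following inputUrl values are not supported:`, and add the status or error code the API returns in that case. It is also left open whether URLs referenced from inside the fetched HTML (images, stylesheets, scripts) pass through the same validation; if they do, saying so would tell integrators the full scope of the check. The same gap is in the create-pdf.md hunks and in the openapi.json hunks of PATCH 3/4 and 4/4.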
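Review bot: The `openAPISpec` front-matter value in src/pages/apis/index.md now points at the `html2pdf-change-develop` branch on raw.githubusercontent.com instead of `main`, so the published API reference would render whatever is pushed to that working branch rather than the reviewed spec. If the branch is deleted or rewritten after merge the page loses its spec, and any push to it changes the public reference without review on `main`. If this is only there to preview the change, it should be restored before merge to `openAPISpec: https://raw.githubusercontent.com/AdobeDocs/pdfservices-api-documentation/main/src/pages/resources/openapi.json`. Going by their diffstats, PATCH 3/4 and 4/4 do not touch index.md again.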
1. URL Scheme is not HTTPs.
2. Hostname resolves to non-routable IP Address (Private/Local/Link local, etc). This will also include cases which will include redirects with non-routable IP addresses. +We have implemented a new security validation for HTML to PDF conversion for requests containing urls where:
1. The URL Scheme is not HTTPS.
2. The hostname resolves to a non-routable IP address. This encompasses scenarios where redirects lead to non-routable IP addresses as well. Please refer the [API usage guide](../api-usage.md) to understand how to use our APIs. diff --git a/src/pages/resources/openapi.json b/src/pages/resources/openapi.json index 23056ec38..a03bbd800 100644 --- a/src/pages/resources/openapi.json +++ b/src/pages/resources/openapi.json @@ -2079,7 +2079,7 @@ "Html to PDF" ], "summary": "Convert HTML Resources to a PDF File", - "description": "Creates PDFs from static/dynamic HTML or HTML(with inline CSS) or just a URL. It's a common scenario for enterprise to provide end users with a HTML template with form fields. In case of dynamic HTML this API allows you to capture the users unique data entries and then save it as PDF. Collected data is stored in a JSON file, and the source HTML file must include \\. You can also provide the URL of the HTML page in inputUrl parameter. However, creating PDF from URL is not supported in External Storage flow.
We do not support the following conditions:
1. URL Scheme is not HTTPs.
2. Hostname resolves to non-routable IP Address (Private/Local/Link local, etc).This will also include cases which will include redirects with non-routable IP addresses.
", + "description": "Creates PDFs from static/dynamic HTML or HTML(with inline CSS) or just a URL. It's a common scenario for enterprise to provide end users with a HTML template with form fields. In case of dynamic HTML this API allows you to capture the users unique data entries and then save it as PDF. Collected data is stored in a JSON file, and the source HTML file must include \\. You can also provide the URL of the HTML page in inputUrl parameter. However, creating PDF from URL is not supported in External Storage flow.
We do not provide support under the following conditions:
1. The URL Scheme is not HTTPS.
2. The hostname resolves to a non-routable IP address. This encompasses scenarios where redirects lead to non-routable IP addresses as well.
", "operationId": "pdfoperations.htmltopdf", "parameters": [ { From 266dd3ecda3eece0c317722984aaf9e49ad6a620 Mon Sep 17 00:00:00 2001 From: Amit Singh Date: Thu, 18 Jul 2024 20:38:24 +0530 Subject: [PATCH 4/4] added a new line in html2pdf description --- src/pages/resources/openapi.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/resources/openapi.json b/src/pages/resources/openapi.json index a03bbd800..eb639d47b 100644 --- a/src/pages/resources/openapi.json +++ b/src/pages/resources/openapi.json @@ -2079,7 +2079,7 @@ "Html to PDF" ], "summary": "Convert HTML Resources to a PDF File", - "description": "Creates PDFs from static/dynamic HTML or HTML(with inline CSS) or just a URL. It's a common scenario for enterprise to provide end users with a HTML template with form fields. In case of dynamic HTML this API allows you to capture the users unique data entries and then save it as PDF. Collected data is stored in a JSON file, and the source HTML file must include \\. You can also provide the URL of the HTML page in inputUrl parameter. However, creating PDF from URL is not supported in External Storage flow.
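Review bot: The reworded condition 2 in this hunk drops the parenthetical `(Private/Local/Link local, etc)` that PATCH 1/4 had, which leaves "non-routable IP address" undefined for readers of the spec. Integrators checking their own URLs before calling the API need to know which ranges are meant, so the examples are worth keeping in the cleaned-up wording, e.g. `The hostname resolves to a non-routable IP address (private, loopback, link-local, etc.).` The create-pdf.md hunk of this patch makes the same removal.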
We do not provide support under the following conditions:
1. The URL Scheme is not HTTPS.
2. The hostname resolves to a non-routable IP address. This encompasses scenarios where redirects lead to non-routable IP addresses as well.
", + "description": "Creates PDFs from static/dynamic HTML or HTML(with inline CSS) or just a URL. It's a common scenario for enterprise to provide end users with a HTML template with form fields. In case of dynamic HTML this API allows you to capture the users unique data entries and then save it as PDF. Collected data is stored in a JSON file, and the source HTML file must include \\. Your JavaScript can access the data passed in via the window.json object. You can also provide the URL of the HTML page in inputUrl parameter. However, creating PDF from URL is not supported in External Storage flow.
We do not provide support under the following conditions:
1. The URL Scheme is not HTTPS.
2. The hostname resolves to a non-routable IP address. This encompasses scenarios where redirects lead to non-routable IP addresses as well.
", "operationId": "pdfoperations.htmltopdf", "parameters": [ {