Sitecore and More: 2023

Saturday 25 November 2023

The SUGCON ANZ 2023 Experience

That's a wrap for SUGCON ANZ 2023 in sunny Brisbane! I was fortunate enough to be able to make it, and as my first experience of Brisbane it was lovely to have been to spend some time before the event running along the banks of the Brisbane River on the Thursday morning after I landed, as well as experience some of the evening atmosphere on the Thursday evening going out to dinner with some of the crew. What a great city! It was also fantastic to see so many familiar faces, and meet a bunch of new ones as well. Everyone was super friendly and up for a chat - plus it helps that we all have (at least) one thing in common!

I thought it would be worth sharing a summary of events for those who couldn't make it - hope to meet some more of you next year!

Day 1 (Thursday)

Richard Hauer - as one of the organisers - kicked things off with a brief welcome, and was quickly followed by Gus Quiroga (Sitecore AVP) who invited us all to be "open to inspiration", providing a few examples of a few historical figures who proved that we “don’t have to re-invent, only to re-imagine”.

Vignesh Vishwanath ran the first session "Migrating from Platform DXP to Composable DXP". He started by asking for a show of hands for which version(s) of Sitecore you're currently working on. For the 10.x series there was a fairly even split of the room, by the time we got to 9.2 there were only a couple of hands, but the big surprise was the few hands for 8.x, 7.x, and 6.x!! Obviously some happy (or scared) customers to still be running those ancient versions. He assured everyone that XP wasn't going away, and that 10.4 would be released Q4 of 2024, and that obviously all the new composable stack was still very much compatible with the platform (XM/XP) products.
He then ran us through a couple of products which the Sitecore team are working on to assist the migration from platform XP ("the monolith") to composable:

xDB -> CDP (+ eventually Send) migration for Sitecore 9.0+
If you have XP + CDP even though this uses Connect it would come at no additional cost.
1million users (with a couple of custom facets) migrated in ~9hrs
They're currently looking for pilot projects, if you'd like to be involved!
XM on-prem content + users (10.1+) -> XM Cloud migration
GUI based
Select your content items and/or users and the tool handles the rest
No size limits

Very exciting stuff! No doubt will be incredibly useful for many clients.

Next Greg Baxter ran a session on "Which Sitecore Personalisation Tool is Right for You?" where he took us all (in great detail, as he describe it: "a rabbit hole") through different ways to personalise depending on "where you are at, and where you want to go". XP is still very robust and reliable, but if you haven't yet started on the journey then it's best to go with XM Cloud (to start with) and/or Personalize (for those who need more); the future is clearly the latter options.

The Dataweavers team, in their quick sponsored session, took us through how - now that there are so many Sitecore products to deal with at the same time - it's important to have good DevOps, PerfOps, and SecOps. Naturally they wrapped with their plug: that they have the experience and tools to do this efficiently and effectively for any clients.

After lunch we needed to select from a couple of different tracks: developer or marketer. This first day I went full developer.

Vincent Lui from CPA was up first with a session on "Abstracting Personalisation" where he described a bit about what CPA does and how it benefits its members. He went through a bunch of the tech that CPA uses to ensure that they collect as much data as they need to personalise for their users using a couple of different tools - CDP and EDP - and how these differ but complement each other. Naturally given the PII being collected there are a great number of tools and processes that are in use to protect the data, as well as restrict how it's used.

Yevgen Spektor then followed with a session on "Estimating the upgrade from monolith DXP to XM Cloud" which covered how XM Cloud / headless allows for better separation of concerns, faster builds and deploys, and takes load off Sitecore (ie no CD servers). Key considerations for the move include: serialization (eg. Sitecore content serialization) that most Sitecore modules no longer work, personalisation needs to be refactored, there are no longer custom Solr indexes, there will be little-to-no custom (.NET) code, you need to use Docker, and you'll probably use webhooks. The team structure will also be largely focused on the frontend devs, with little to no backend. Definitely some things to keep in mind there!

Next Navneet Pisharodi's session "Exploring a Modern Vercel Frontend for XM Cloud? An Architectural Viewpoint." took us through hosting a headless app in Vercel. Not only are they the creators of Next.JS (which you're very likely to be using to build your Sitecore head) they are easy to use with many efficiency gains like gitops (also allowing for immutable deployments and instant rollbacks) and many easy integrations (logging to SumoLogic being the example provided). Not to forget, Vercel is a partner of Sitecore meaning that (fingers crossed) any new developments on both sides will quickly be integrated into the other party's product(s). Licensing and costs were the final key consideration called out - pretty much always the case, but in this particular scenario if you're not familiar with headless hosting it can be something which may catch you out, or be difficult to estimate.

To end the day, Gus once again took the stage to award the Ultimate Experience award to Destination Gold Coast and their partner PING for their excellent use of Sitecore.

Day 2 (Friday)

Sanchia Stafford-Gaffney and Troy Outtram from Deloitte kicked off day 2 by reminding us that we in the room are the fortunate few, and there are many people globally struggling in many different ways. Deloitte has started a Digital Career Compass to help those struggling to find jobs in digital, mentored and trained by people like us and potentially going on to be employed by companies such as Sitecore (as well as a bunch more they also listed). Not only do these candidates come from a vast array of backgrounds bringing with them a wide variety of experience but they are generally super driven and excellent employees.

Following this we then split back into Devloper and Marketer streams once more, where I attended:

"From Frustration to Success: Marketers' Guide to Sitecore XM Cloud Do's and Don'ts" by Raman Gupta and Vikas Kumar was an excellent walk through their learnings from experiences implementing XM Cloud. Not only a great list of "dos" and "don'ts" (especially for those of us who haven't yet had the chance to work on a full XM Cloud implementation) but they also treated us to an excellent demo of XM Cloud and the component builder. If you'd like to download a copy of their list you can fill out the form on their website to get a free copy.

Rajesh Sure then took us through a bit of a deep dive into webhooks in his session "Unlocking Seamless Connections: Leveraging Sitecore Webhooks for Enhanced Integrations". Not only did he cover the various types of webhooks and how they are used (a couple of key considerations are: timeouts, and the fact that there is no retry logic), but he also had a great demo of a webhook triggering a message to Slack and email, for which he walked us through the code. Super useful stuff!

Andy Cohen from the Sitecore product team followed up with a peek under the hood of some Sitecore tech (XM Cloud in particular) in his session "Building for Resiliency" where he explained how Sitecore uses event-driven architectures, liveness checks (with tools such as Apache Kafka and Azure App Configuration) to ensure that Sitecore can handle all sorts of "outage" scenarios. Not only that but he suggested a few books around event-driven architecture and domain-driven design that I'll need to take a look at some time!

vNext up I went to the session "Exploring Atomic Design with Storybook in Next.js for Sitecore Headless" presented in part by an old teammate of mine Arif Uzzaman, as well as his client Nikunj Sanghadia. In this breakout they took us through how frontend developers barely (if at all) need to know Sitecore, and can utilise atomic design to ensure consistent design between components, as well as Storybook to preview and showcase their output. Not only that but it's easy to produce components which look great and play well in Sitecore. As someone who uses Storybook extensively (but not atomic design at this time) this was quite familiar, and there were some great (and funny) questions from others in the room going through a similar journey.

Alistair Deneys from the Sitecore product team, in his session "Exploring the Experience Edge GraphQL Schema", walked us through the different GraphQL schemas for XM/XM Cloud and ContentHub / ContentHub One and various ways these could be used for different technical requirements. Not only that but he presented it all on his custom-built .NET MAUI interface consuming content from ContentHub One. Super cool!

The final sessions included Arul Pushpam Murugan who gave an inspiring talk "Empowering Women in Tech: A Journey of Growth with Sitecore" where she took us through some of the hurdles she herself had to overcome, as well as tips for other women in the industry.

Sandy Drew then took us through the technical side of Toyota's XM Cloud build in his session "Driving hybrid success with Toyota Used Vehicles" which sounded like a great implementation, utilising Next.JS SSG and Discover.

Final Thoughts

Whether Sitecore's indeed at an "inflection point" (as Gus put it at the start) it has clearly matured even over the last year or so. It's clear that even though there are still a vast number of clients and partners nursing old Sitecore instances (many of which are no doubt out of support), there are also a really healthy number of companies who have not only made the leap to composible (or hybrid) but have completed implementations and come out unscathed, and ready to share their story. Sitecore is listening and learning from those first implementations, and the "new" SaaS products are continually improving. At this point, if you're considering Sitecore's new products, you're not an "early adopter" or "trailblazer" you're just in good company.

It's great to come to community events like this where it's not all vendor-painted roses and sunshine - "our product is the greatest and can do everything". Here you'll find real stories and talk to real people who can reassure you of the reality - that even though not 100% of what you want/need to do will be a walk in the park, it's all achievable when we share our knowledge, experience, and love of developing with Sitecore.

Tuesday 14 November 2023

SUGCON ANZ!

Just booked my tickets to SUGCON ANZ! Looking forward to seeing some familiar faces, and hopefully meeting some new people as well. Many (if not all) of us are all introverted techies, but remember we're all there for the same reason; if nothing else try to say hi to the person sitting next to you :)

There's a great agenda - it's certainly going to be tough choosing between some of those afternoon sessions. Don't forget that on the first day registration opens at 9am, but the real fun doesn't start until after midday. That should hopefully mean some reasonable flight times (and hopefully prices).

Hope to see you there!

Sunday 8 October 2023

Security & Permissions with headless Sitecore

Security is a big headline these days (and should always be in the forefront of anyone's mind) and when it comes to content permission and user authorization the Sitecore "monolith" has always provided these capabilities out-of-the-box; however with the giant shift to headless over the last couple of years (or more) and now the move to SaaS these have grown vastly more complicated than the simple out-of-the-box content-permission-setting capabilities we used to know and love.

The issue

So why is it that things are now more complicated?
With the move to headless and composable, we have more of a separation of concerns - in this case, separation of the authentication/authorization, the display (/render) of content, and the provision of content. This is most evident (technically, at least) in the use of REST and GraphQL by the headless code to retrieve content from the CMS (or DXP if you want to be fancy) where renderings were previously automatically provided their content by Sitecore.

The Sitecore "monolith" provides all 3 of these capabilities:

Auth* through old ASP.NET users/roles, Federated Authentication, or Sitecore Identity

Authenticates and assigns roles to user for authorization

Display/render of content through .NET MVC controller/view renderings (let's not talk about webforms or XSLT)

Authorizes user by checking permissions set on content in Sitecore XM

Provision of content through (amongst other things) datasources provided and consumed by the renderings

In the new headless/composable world, these would be:

Auth though a separate identity provider (IDP) such as Okta / Auth0 / OneLogin / MS Entra

Authenticates and assigns roles to user for authorization

Display/render of content through headless SDKs such as Next.js (using REST / GraphQL)
Provision of content from Sitecore XM / Content Hub / Content Hub One

Notice something missing in the second list? Hopefully you did, as it's highlighted in bold in the first list!
There is now a disconnect between the roles assigned to the user by the IDP, and any roles you create in Sitecore / the permissions set on content.

This disconnect has no doubt been encountered by anyone working in a headless environment which requires their users to log in, and I have seen a few examples of how various people have thought about / tackled a solution. The following sections outline my approach.

A solution

There are 2 gaps mentioned above, and in case you missed them these are:

A disconnect between roles assigned to a user by the IDP and roles in Sitecore (ie roles assigned to content)
No out-of-the-box capabilities by the headless SDK to determine whether users are authorized to view content

You might be thinking "but both the GraphQL and REST endpoints support authorisation!". This was my initial thought, and I spent quite a bit of time deep diving into whether this was a viable option (ie. calling the layout service / GraphQL using the authenticated user details from the headless code). Let me save you a lot of time and headache: short of a quick and dirty option (simple logged in / not logged in user content, for example by swapping which API key you use to call the layout service) this isn't going to be an option you can use for anything serious.

I have seen other solutions which propose mapping the permissions (ie. roles <=> content) in a separate system, however my preference was to keep this within Sitecore. Sitecore XM still offers a flexible and robust ability to assign which content should be accessible by which users/roles, and building this again / finding a separate solution just seems like extra effort for no reason. I also personally do not feel like using this existing functionality goes against the spirit of composable at all. This mindset was the foundation for the remainder of the approach below.

I'm not going to dive too deeply in to the first point in the list above - suffice it to say there will need to be a way to ensure your roles in Sitecore match the roles assigned by your IDP. There are at least a couple of options:

Configure role serialization, dynamically generate a yml file containing the roles, and dotnet sitecore ser push it
Create an API endpoint on your Sitecore CM which calls System.Web.Security.Roles.CreateRole()

The meat of the dev work required, as far as I'm concerned, lies in exposing the roles and consuming them as part of authorization in the headless code.

Exposing the permissions

After setting the content (item) permissions (an out-of-the-box Sitecore XM exercise), the first thing that needs to be done is exposing these permissions. Content is consumed by the headless code either via the layout service, or GraphQL, so these are the 2 scenarios that need to be covered.

GraphQL:

The quick and dirty way is to patch out the standard field filter, and add the security fields into your schema.
Note: this is not going to work if you're using Edge (/XM Cloud).

If you want a version which is compatible with Edge / XM Cloud, you'll want to create your own "faux security" field (you might call it "permissions"), and copy the standard (__Security) field value to this custom (permissions) field in a item:saved event handler. See this stackexchange answer for an example of a similar event handler.

Layout service:

See sample repo

The layout service filters out all the standard fields (including __Security) in the FieldFilter method of JssItemSerializer (or whichever item serializer your site is using) so we will need to patch that out and add our own filter.
We then want to serialize our security field in a more readable format, which we can do in a custom SecurityFieldSerializer.

After this is done we can see all the __Security fields in our layout service result!

Authorization in Next.js

When it comes to Next.js, authentication really comes down to next-auth which has a host of IDP plugins out of the box (or you can develop your own easily enough if you really need / want to). Authorization, however, is a custom exercise. Long story short: once the SDK has called the layout service, the headless code needs to parse the permissions and prevent the user from seeing the page, or hide the appropriate content on the page from the user.

Again, there are 2 parts to this: security at a page level (not authorized to view the page) or at a component level (hide a component from the user by removing it from the layout).

These can both be accomplished largely by customising normal-mode.ts (at least in Sitecore 10.2) with a helper to parse un-formatted security fields.

Page level (lines 68-74) and component-level (lines 77-80):

In the former we simply check the page security field, and in the latter we loop through all placeholders and check the security field set on the datasource. This does not necessarily cover 100% of your use cases (components without datasources for example) but the rest can certainly be implemented in a similar fashion.

Conclusion

Securing certain content - to be shown only for authorized users - has been a site requirement for almost as long as the web has been around. The advent of headless and/or composable mandates a new way of thinking and new approach to securing your site content.

With the logic provided above you should be able to both cover the vast majority of your permissions cases, as well as have a solid foundation for custom use cases where permissions might be needed within each of your components.

If you've made it this far - firstly thanks for reading! - I hope you learned something new today, or maybe re-enforced something you already knew. I'd love to get your feedback either way, so please leave a comment below, whether it's in agreement or some constructive criticism!

Tuesday 22 August 2023

502s Massive Headers and So Many Cookies

We recently came across an (initially very confusing) issue where, on our cloud environments, a couple of fairly inconspicuous - but consistent - pages were making the server return a status code 502, or 520. These environments had Cloudflare in front of them, which was showing us the 502 response, but our development environments (without Cloudflare) had no issues and the same pages and content loaded just fine.

Now I'll preface this by saying it was certainly something we (now know we) were doing incorrectly, but for the sake of anyone else who happens to come across the same thing I thought I'd share the debugging, findings, and fix.

So the natural first step to narrow down the cause of most things is to remove stuff from the page until it starts working again! By first removing components from the page(s), and then removing particuar portions/lines from those components, we found that it seemed to be next-auth related lines where we were fetching session info using useSession() (frontend) and/or getServerSession() (backend). At this point we were pretty stumped: these same calls were working just find on some pages, but on a couple of particular pages they seemed to be causing issues... time for a web search to see if we can at least narrow things down!

A quick search for "502" and "next-auth" brings up a few useful results, but in particular this stackoverflow answer seemed to indicate it might be something to do with headers. At least we had somewhere to start! Hosting for this project was in AWS, with EC2 instances behind a load balancer, all of which sits behind Cloudflare. As Cloudflare is the front endpoint showing the error, the natural instinct is to pit it on something to do with Cloudflare. Hitting the endpoint from another server within the same network (bypassing Cloudflare) showed that the 502 was still returned. After that, the infra team provided us with the info we needed about header sizing (from the AWS load balancer limits):

Name	Default	Adjustable
Request line	16 K	No
Single header	16 K	No
Entire response header	32 K	No
Entire request header	64 K	No

It didn't take long to find that this was indeed likely the issue - a quick look at the header size for one of the pages showed it was certainly above the limit. Next question was obviously: "why"? That's quite a hefty size for headers. Again, taking a look at the headers for one of the pages, it didn't take long to see the issue:

and there was more to it than just what's shown here!

Wow, that's a lot of (very big) cookies being set in the headers... a very big WTF was in order!

Now for those who aren't familiar, these cookies are set by next-auth and split/chunked (session-token.0, session-token.1 etc.) at 4kb by default. That's fair enough, we expected to see a couple and potentially very large ones; certainly not up to a dozen or so.

The Realisation

What came next was a lot of debugging, stepping through our code, the next-auth code, and to skip to the end: the realisation that every time getServerSession() is called, a new cookie (chunked, so actually multiple cookies) is set!

In our case, we had a few Sitecore headless components which had their own getServerSideProps() (component-level data fetching) and inside this method each component was calling getServerSession() to get the session data it needed to fetch its data. Ergo for each component using the session, a new cookie was created, blowing out the header size (and potentially causing session issues as well).

The Solution

So we had pinpointed the issue - now what? These components needed the session info (eg. user's account ID) in order to fetch their data, this wasn't just something we could do without.

The key here is to understand how the component-level data fetching works: if you take a look at the [[...path]].tsx file which you get from a default instantiation of a Sitecore headless project, you will see inside it a getServerSideProps() function, and inside that a call to sitecorePagePropsFactory.create(). This is the starting point for the getServerSideProps() call of each component.

If you follow the code, you will see the SitecorePagePropsFactory in page-props-factory\index.ts loops through each "plugin" and executes it, using a context, and setting props. This context is the one which comes through in the getServerSideProps() function at the component level.

In [[...path]].tsx:

Using this knowledge, we can fetch our session in [[...path]].tsx, the starting point for all server-side logic, and pass it through in the "plugin context" to each component, so that we don't have to re-fetch it.

const session = await getServerSession(context.req, context.res, authOptions);
await sitecorePagePropsFactory.create({ session, ...context});

then in each component:

export const getServerSideProps = async (_rendering, _layoutData, context) {
  const fetched = fetchSomeData(context.session.userId);
}

Hope this helps anyone else who comes across this issue (or something like it)!

Sunday 23 July 2023

Secure (HTTPS) Your Non-Prod Next.JS Headless Sites

Preface: this isn't something you'll want to want to use in production, but great for non-prod or local environments!

If you're running Sitecore on Windows servers (not Azure PaaS where you can simply get a free managed certificate), and want to re-use your infrastructure (eg. in a non-prod environment or for testing purposes) you may choose to use that same Windows machine to run your headless app. This can save on costs, energy that can be spent on development (or setting up production), and help just to keep things simple.
Obviously there are heaps of hosting providers such as Vercel where you could run it, and if that's an option that works for you I would certainly recommend it. If not, read on...

The simplest way would be to copy your code to the same server - in a new folder beside your Sitecore installation - install Node and run: npm start:production. This will start your app on port 3000 (or whatever port you have configured).

This is fine if you just want to preview your app, but if you want it to work inside of Experience Editor, and your CM instance is using https, you'll need your app to also be served securely (or else you'll see a very broken site!).

Obtaining a Domain Name

I'm not going to tell you how to go about getting a domain name. Presumably if you've got Sitecore up and running somewhere you know how to go about getting a domain name, or already have one (and/or can use a sub-domain). I'm a fan of Namecheap, but whatever is cheapest/easiest!

Obtaining a Free Certificate

Easiest way to get a free certificate (on pretty much any system) these days? LetsEncrypt!

Download CertBot from the letsencrypt site
Install it
Temporarily stop your IIS server (if it's running) so that Certbot can use its own server
Request a certificate by running:
certbot certonly --standalone -d "*.your.domain.com"
(or any of the other methods such as DNS validation)
Start your IIS (if you stopped it in #3 above)

HTTPS Using the Certificate

Since we're using Node anyway to run the headless app, we can make use of the local-ssl-proxy package to proxy your app through HTTPS with a single line!.

Open a command prompt and run:
npx local-ssl-proxy --key C:\Certbot\archive\your.domain.com\privkey1.pem --cert C:\Certbot\archive\your.domain.com\cert1.pem --source 443 --target 3000
(obviously substitute your port 443 for anything else if it's occupied!)

Simple as that! It's so easy there's no excuse not to be using HTTPS for non-prods (or even local!) :)

Saturday 17 June 2023

Monitoring Azure Web Jobs Availability

...and now for something non-Sitecore related!

I help run a friend's small family business website in Azure where we use PDF generation through an Azure Web Job which runs on the same App Service Plan as their website (to save on costs).

Recently we've been seeing issues where the Web Job decides to suddenly stop, and I have to manually restart it - easy enough, but very frustrating (and they have to ping me to tell me when they notice). While I look into the cause of the issues I thought it was worth setting up some alerts so that I can be a bit proactive and start the Web Job before they notice (if possible).

You might think that this is a simple case of setting up a standard Alert in Azure Monitor, but Web Jobs work differently (effectively, behind-the-scenes) and there is no easy way to do this out of the box.

Fortunately, there are a few blogs around such Monitoring Azure WebJobs Health with Application Insights – Kloud Blog, which can show you the way. Unfortunately most, if not all, suggest an old method of using Visual Studio to record a test rather than using some of the newer functionality of App Insights which supports headers. Now it's a nice and simple process!

So without further ado, the steps:

From the Azure Portal, download your publishing profile - containing the username and password to access your Kudu environment, including deployments and APIs used to fetch Web Job status
Calculate the Kudu API endpoint where you can see the status of your Web Job
https://your-web-app.scm.azurewebsites.net/api/triggeredwebjobs/YourWebJob
Use Postman or a tool like Basic Authentication Generator to calculate the base64 encoded username + password to use in your Authorization header.
You should be able to call the endpoint in Postman and see an example
Create an availability check in App Insights which calls your endpoint with the Authorization header and checks for a status of "Running"
Create an Alert in Azure Monitor which alerts you if the health check fails

Wednesday 10 May 2023

Locking down requests from Sitecore to Head

For those coming from on-prem or PaaS the leap to the exciting new world of Sitecore SaaS can be quite daunting, with many new factors and considerations - not the least of which is security (which should always be front-of-mind). Your dev teams may be busy brushing up on containers and headless, but infra teams will be more concerned with integrating with XM Cloud, most notably with the Head.

Most of you will (hopefully) already be familiar with a couple of the ways that communication between the Head and Sitecore can be secured:

A Sitecore API key - allows you to lock down your API calls to the Layout Service and GraphQL endpoints, as well as impersonate users.
The JSS Editing Secret - used as a shared key to ensure the app and Sitecore Editor are the only parties authorized to talk to one another while in Experience Editor mode.

But what if you want a bit of extra security? Say you have a WAF (something to that effect) which only allows certain headers? As always, Sitecore is nice and extensible:

The class making the HTTP call to your Head app is Sitecore.JavaScriptServices.ViewEngine.Http.RenderEngine and it creates a HttpClient to make the requests using Sitecore.JavaScriptServices.ViewEngine.Http.HttpClientFactory which has the following method:

public IHttpClient Create(HttpRenderEngineOptions options)
{
	Assert.IsNotNull(options, "options");
	return new TimeoutCapableWebClient(options.RequestTimeoutMs)
	{
		Encoding = Encoding.UTF8,
		Headers = { [HttpRequestHeader.ContentType] = "application/json" }
	};
}

This HttpClientFactory is created through DI, so you can just inject your own and add your own headers! Too easy!

Thursday 4 May 2023

Sitecore Headless Forms - Hidden Field Using Query Value

This one goes out to @AJS on Sitecore slack who asked how they could implement the query string provider in Sitecore Forms (headless/JSS).

Firstly, make sure you add the QueryStringProvider from Sitecore Forms Extensions, as well adding the required Sitecore item(s) to your instance.

Once that's done see the Sitecore documentation on adding a React/Next.JS form to your headless app.

Finally you're ready to implement a custom field factory (see my previous post) with a custom hidden element, setting the value based on the value from the query string:

Enjoy!

Friday 28 April 2023

Sitecore JSS/Headless ColumnSplitter in 10.2 (with bonus Tailwind styles)

I saw a post in the Sitecore Slack channel recently asking about ColumnSplitter support in 10.2. This was something I have back-ported recently (as columns really are an essential component in all designs these days) and have been meaning to post about, so it was a good kick to get this post going. Thanks @gatogordo!

You may think that the ColumnSplitter component provided in the XM Cloud starter kit looks fairly straightforward and should work in older versions of Sitecore, but there are a few key changes that are required, both in the JS and in Sitecore, which I will go through now.

Note: I'm going to be using SXA and Tailwind in this post, to get up and running as quickly and painlessly as possible. No doubt this would work without them, but there would be additional / different steps involved.

TL;DR checkout the repo: https://github.com/moo2u2/jss-column-splitter-example

My repo includes a storybook demo

This is what we're going for!

First, ensure you have a 10.2 instance of Sitecore with (the correct version of) SXA and Headless modules installed. If you want to restore the items from the repo above, you'll also need Sitecore Management Services (for serialization) installed.

We'll start by creating a headless Tenant and Site in Sitecore, as well as creating a new Next.JS project with the same name as the site, and the correct version for Sitecore 10.2.

npx create-sitecore-jss@ver20 nextjs --appName jss-column-splitter-example

At this point it's worth running a jss setup to configure your Sitecore connection, and verifying that your app runs correctly in connected mode, because we're about to get into the fun part and add/change a bunch of stuff.

We'll start by creating a ColumnSplitter rendering, which I originally grabbed from the XM Cloud Starter repo (or you can just grab my back-ported version). Next you'll want to add this to your placeholder settings (in my case, jss-main) so that you can add it to the page in Experience Editor.

then go ahead and add the component to your page (in that placeholder), either in Content Editor or Experience Editor.

At this point it's probably worth taking a pause to explain how the column splitter works:
Obviously (by default) it displays no content, so all the settings live in the rendering parameters (no datasource).
The rendering parameters are made up of 2 main parts: the grid, and styles. Both contain CSS classes, however they come from different parts of the content tree.

There are grid + styles options for each column, up to 8 columns (out of the box), as well as the styles for the component itself.

Rendering parameters live at: /sitecore/templates/Feature/JSS Experience Accelerator/Page Structure/Rendering Parameters/ColumnSplitter or {181740EA-A7AE-4799-A649-A75917570E38} and references a couple of other Templates you may not have: Base Rendering Parameters ({4247AAD4-EBDE-4994-998F-E067A51B1FE4}) and _PerSiteStandardValues ({44A022DB-56D3-419A-B43B-E27E4D8E9C41}).

If you open the rendering parameters at the monent, you'll likely notice that they are not displaying correctly:

Starting with styles: as with regular SXA, we need to create a "Styles" item under your Tenant > Site > Presentation, of type: /sitecore/templates/Foundation/Experience Accelerator/Presentation/Styles - {C6DC7393-15BB-4CD7-B798-AB63E77EBAC4}. Under that you can add your styles (I've added various backgrounds for demo purposes).

Now we can see the styles listed in our rendering parameters!

The grid parameters are slightly more complex, as they depend on the SXA grid system, so if you aren't familiar with it I would check out the documentation on how to Create a custom grid.

Because Bootstrap is old school and we're using headless, let's create a faux "grid" for Tailwind! I've added a few different widths for our columns:

Next we need to update our site settings to have the field for, and reference, this grid:
In /sitecore/templates/Foundation/JSS Experience Accelerator/Multisite/JSS Settings - {EC848505-D30C-4BDC-A0AA-7CC9D320085E} add /sitecore/templates/Foundation/Experience Accelerator/Grid/_Grid Mapping - {9D81C61A-0341-4312-816D-E5204385EA3C} to the inherited templates

Back up in our site settings we should see Bootstrap 5 selected as the default grid, which we can now change to our Tailwind grid!

This is the default - change it to our new Tailwind grid

At this point our rendering parameters should all be good and useable!

Finally we need to add our placeholder settings for each column. This is one of the key differences in back-porting it, as we don't use any wildcard asterisk. Just a plain old placeholder name.

With your ColumnSplitter added to the page, select a size (and optionally a style) for a couple of columns and let's take a look at the layout service to double check it's all good for the app to consume:
/sitecore/api/layout/render/default?item=/&sc_apikey={YOUR_KEY}

We can see the component added to the placeholder, and values in the grid and styles but those aren't useable values...

This is where I introduce you to my mate Andy's blog post on Serializing rendering parameters in the layout service.
Note: If you have selected multiple grid sizes (for different devices), you will end up with multiple pipe-separated GUIDs, which his blog doesn't cover. You will need to update your code to cater for this.
With the fix in place, you should see the rendering parameters serialized in JSON format:

We're now in a state where we're good to consume this from the headless app we created at the start!
Run your app in connected mode, and input the following into your site settings:

Server side rendering engine	http
Server side rendering engine endpoint URL	http://localhost:3000/api/editing/render
ServerSideRenderingEngineApplicationUrl	http://localhost:3000

and you should be able to see your component in the Experience Editor!

You can have a play around with different grid sizes and styles, and experiment with adding different content to your placeholders.

Extra Tidying

Since we're using SXA, let's make the "Add randering" popup display the SXA way:
Under your Tenant > Site > Presentation, add an "Available Renderings" item of type /sitecore/templates/Foundation/Experience Accelerator/Presentation/Available Renderings/Available Renderings Folder - {39A9ED72-407D-4440-BA50-30956834794E} and add your renderings.

This should make the modal popup much more user-friendly!

Thursday 6 April 2023

Sitecore Forms long labels truncated

The cause of this is fairly straightforward, but given how painful it is to debug I thought I'd post this for anyone else who comes across it.

If you are using Sitecore Forms, and ever have the need to use a very long label in a list item (eg. a checkbox list) you will notice it gets truncated. You may even note that the length is suspiciously similar to the max length of an item name...

After a lot of digging you'll note that these list item label/value strings are altered and set in Sitecore.ExperienceForms.Mvc.DataSource.DataSourceSettingsManager, specifically in the UpdateStaticItems method where there is a call to ItemUtil.ProposeValidItemName() for both label text and value. This is certainly required for one (if it's being set as the name or display name) however not for both.

Thanks to dependency injection the fix is nice and easy to patch in:

<?xml version="1.0"?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/"  xmlns:role="http://www.sitecore.net/xmlconfig/role/">
  <sitecore>
    <services>
      <register serviceType="Sitecore.ExperienceForms.FieldSettings.IFieldSettingsManager`1[[Sitecore.ExperienceForms.Mvc.Models.ListFieldItemCollection, Sitecore.ExperienceForms.Mvc]], Sitecore.ExperienceForms" 
        patch:instead="register[@serviceType='Sitecore.ExperienceForms.FieldSettings.IFieldSettingsManager`1[[Sitecore.ExperienceForms.Mvc.Models.ListFieldItemCollection, Sitecore.ExperienceForms.Mvc]], Sitecore.ExperienceForms']"
        implementationType="MyProject.Feature.Forms.DataSource.DataSourceSettingsManager, MyProject.Feature.Forms" lifetime="Transient" />
    </services>
  </sitecore>
</configuration>

Saturday 1 April 2023

next-auth error: "Can't resolve module 'next/headers'"

The Issue

Recently I've been working on a site using Sitecore headless (JSS) with authentication. As we're using Next.JS it makes the most sense to utilise NextAuth.JS which has been around for a while, has super easy setup, and integrates with loads of providers - including a couple which we needed for the project.

Everything seemed to be working well, until we started using getServerSession() to fetch the session info server-side, when everything started to fall apart in errors - particularly one mentioning:

Can't resolve module 'next/headers'

A quick search led to a few results such as issue 6559 which indicated we may need to revert to version 4.15.1 (we were using the latest, 4.20.1). This did indeed appear to get around that particular error, though we weren't sure at what cost (and we weren't about to go looking through the change history between those 2 versions).

Instead I made a small git repo with a minimal reproduction of the issue (all JSS mocked out), logged issue #7103 on the next-auth github repo, and surprisingly heard back from one of the authors within 24 hours with a workaround. Not as good as a fix, of course, but it unblocked us which is definitely a great outcome!

The Fix

Checkout my branch patch-fix for pre-fixed version.

Perform the following steps in your local project:

npm install --save-dev patch-package

Remove the 'if' block from packages/next-auth/src/next/index.ts#L121-L139 leaving just the 'else' lines packages/next-auth/src/next/index.ts#L136-L138.

npx patch-package next-auth

This should resolve the issue for anyone else using the repo!

Note: Please keep in mind this is only relevant for Next.JS v12 (not v13) - see the comment from balazorban44 in the issue.

Thursday 30 March 2023

Sitecore Forms - Markdown in Text Field

Update 30/03/2023: Bonus, now with added bold and line breaks!

One of the main limitations of Sitecore Forms in my opinion is not having a rich text field. No doubt this is something that could be implemented without too much of a headache, but a simpler option is to allow basic markdown such as links.

eg. this is a sentence with [a link](https://google.com) in it

Fortunately, using a custom field factory (see my previous post) this is pretty simple!

Wednesday 22 March 2023

Custom Form Elements in Headless (JSS) Forms

I've been getting pretty deep into the Sitecore React/Next.JS Forms libraries over the last couple of weeks, and while there's some half decent information out there if you look hard enough, it's generally not that accessible or complete. For example, one of the better pages altering field types is hidden away in GitHub and doesn't seem to pop up for me in a Google search.

I find that Sitecore Forms, while a great form builder, still lacks (at least) a couple of fields which I would consider a must-have: hidden fields, and raw HTML. Fortunately these can be found in Sitecore Forms Extensions, so we can copy the relevant code from there.

Once you've got the fields into Sitecore - in the form builder and rendering their properties into the layout service - the next step is to ensure your React/Next.JS code knows how to render the fields. Fortunately per the link above, this is fairly easy to inject/extend using a custom field factory:

We can then add our custom field factory to our form, and we should be good to go!

<Form
  form={fields}
  sitecoreApiHost={process.env.SITECORE_API_HOST}
  sitecoreApiKey={process.env.SITECORE_API_KEY}
  onRedirect={(url: string) => router.push(url)}
  fieldFactory={CustomFieldFactory}
/>

Issues / wish list:

CustomFieldFactory.setComponent first parameter relies on the FieldTypes enum (but works with any string). This causes Typescript errors. It would be great if this parameter/enum were extendable.
The Form component extends Component<FormProps, FormState & FieldStateCollection> but is itself not generic! This means that props can't be overridden, which means adding custom properties causes Typescript errors (though the code still works). Ideally Form would be generic so that we could pass custom props and properly override the Form class.
Conditions are not included anywhere in the Sitecore Forms React code :( See an upcoming post for how we can achieve conditional logic using OOTB Sitecore Forms conditions.
There is no validation on form submission! This was very surprising (and frustrating) to find (and implement).
There is no validation for mandatory fields on a couple of fields, eg. CheckboxList
Fields are still submitted by the JSS code even when adding a 'disabled' attribute to the field. This super painful to work around!

Monday 13 March 2023

Something went wrong. See SPE logs for more details.

A nice quick one since I didn't find much useful info around on this particular issue (maybe nobody else has made this stupid mistake).

While working on a client implementation I came across the following error:

7952 03:31:46 INFO  Script item set to master:\system\Modules\PowerShell\Script Library\JSS SXA\Scaffolding\Content Editor\Insert Item\JSS Site in ScriptSession $scriptSession$|gmnwpaqx1sn0u3gz2hwu5bkr|fef42854-5de9-4f59-ab6a-13edd7d2862e.
ManagedPoolThread #4 03:31:47 ERROR Cannot bind argument to parameter 'TenantTemplatesRoot' because it is null.
7444 03:36:59 WARN  Session state elevated for 'ItemSave' by user: sitecore\admin

Digging into the powershell script which was being called (/sitecore/system/Modules/PowerShell/Script Library/JSS SXA/Scaffolding/Functions/New-JSSSite) you can quickly find the relevant line:

$tenantTemplatesRootID = $tenant.Fields['Templates'].Value

Looking at the fields in my Tenant, I noticed they were all blank! Seems that while transferring items between environments someone forgot to package some of the necessary items.

Long story short, when packaging up your Tenant don't forget to include:

/sitecore/templates/Project/YourTenant
/sitecore/media library/Project/YourTenant
/sitecore/media library/Project/YourTenant/shared
/sitecore/layout/Renderings/Project/YourTenant
/sitecore/layout/Placeholder Settings/Project/YourTenant

Wednesday 1 March 2023

When Disabling xDB Isn't Enough

If you read the documentation on using CMS-only mode to run Sitecore without xDB you'd be forgiven for thinking that a config patch such as this is the simple end of the story:

<configuration>
    <sitecore>
        <settings>
            <setting name="Xdb.Enabled" value="false" />
            <setting name="Xdb.Tracking.Enabled" value="false" />
        </settings>
    </sitecore>
</configuration>

Unfortunately as someone on Slack recently discovered, this doesn't help if you're trying to run Sitecore (XP container images, but in CMS-only mode without the xConnect instances) in containers.

The issue is fairly obvious when you notice CM is not starting and take a look at an example of the logs

920 08:52:34 ERROR Health check Sitecore.XConnect.Client.WebApi.CollectionWebApiClient completed after 0.0038ms with status Unhealthy and 'Error during CollectionWebApiClient initialization: An error occurred while sending the request.'
1920 08:52:35 ERROR Health check Sitecore.XConnect.Client.WebApi.ConfigurationWebApiClient completed after 0.0054ms with status Unhealthy and 'Error during ConfigurationWebApiClient initialization: An error occurred while sending the request.'
1920 08:52:36 ERROR Health check Sitecore.XConnect.Client.WebApi.SearchWebApiClient completed after 0.0068ms with status Unhealthy and 'Error during SearchWebApiClient initialization: An error occurred while sending the request.'

Yes, there are in fact health checks on CM and CD which check the status of xConnect, and completely ignore the config settings I mentioned above.

Not to worry, there are a couple of options at this point:

Use a config patch to remove the health checks (the easier option)
Update and override the health checks so that they respect the Xdb.Enabled setting

Config patch

Here's an easy patch you can apply which should remove these from your Sitecore configuration and complete the disabling of xDB:

Updating the code

The "proper" way, I feel, would be to update the code to respect the Xdb.Enabled setting. This is what the setting is indicating, and what the documentation explains that it is for.

To take XConnectCollectionHealthCheckServicesConfigurator as an example:

public class XConnectCollectionHealthCheckServicesConfigurator : Sitecore.XConnect.Client.Configuration.HealthCheckServicesConfigurators.XConnectCollectionHealthCheckServicesConfigurator
{
  protected override IHealthCheck CreateCommonWebApiHealthCheck(IServiceProvider provider)
  {
    if (Sitecore.Configuration.Settings.GetBoolSetting("Xdb.Enabled", true))
      return base.CreateCommonWebApiHealthCheck(provider);
    else
      return new SuccessHealthCheck();
  }
}

public class SuccessHealthCheck : IHealthCheck
{
  public Task<HealthCheckResult> CheckHealthAsync(HealthCheckContext context, CancellationToken cancellationToken = default)
  {
    return Task.FromResult(HealthCheckResult.Healthy());
  }
}

We add our settings check, and - because there does not seem to be any easy out-of-the-box way to return a successful health check - we also need to create a class for that. Repeat for all 3 health checks, and you're good to go.

Enjoy running your Sitecore topology nice and lean!

Sunday 19 February 2023

Setting up a Sitecore Developer Laptop in 2023

So with the start of the new year, and new company, comes the fun part - a purchase of a new laptop. Exciting! I finally get to play with Windows 11 (Pro), and not be restricted by work security.

Long gone are the days of SIF-based installs, with SQL/Solr running as Windows services (and likely many instances of them, if you were working on multiple versions of Sitecore). These days everything can be done on containers and VS Code (yes, even back-end dev).

With the release of (some) ltsc2022 images over the last week, we can finally use process isolation on Windows 11! Yes it's in preview, but at least your computer won't have a heart attack from lack of resources!

So because it was all so easy, I thought I'd quickly note down the few things I needed to install to get going. As a bonus I've included some configuration that might catch you out, or you may have forgotten if you've done it before.

Windows features

Containers / HyperV
IIS (optional, if you want to do a proper install at some point)

Software

VS Code for most dev, plus extensions:
1. Azure (Account / Functions / App Service / Cache / Kubernetes Service / Pipelines / Resources / Static Web Apps / Storage)
2. Docker
3. Git History
4. GraphQL (Language Feature Support / Syntax Highlighting)
5. IntelliCode
6. PowerShell
7. Prettier - Code Formatter
8. Scriban
9. XML Tools
10. YAML
Visual Studio (probably optional, since VS Code can do everything these days!)

TDS (optional, only if your clients use it)

Node

Sitecore JSS CLI

Docker Desktop
Git
Make life easier: 7Zip / SQL Server Management Studio
Testing APIs: Postman
Decompiling: ILSpy / DotPeek
Storage access: Filezilla & Azure Storage Explorer
Remote access: Microsoft Remote Desktop and Client VPNs

Configuration

Visual Studio:

Docker settings:

Turn off docker-compose v2 (for now, until support is added by the Sitecore team)

Set the following Docker settings:

"features": {
  "buildkit": false
}

So only a dozen or so tools, plus a little setup and configuration. Pretty great if you ask me!
If there's anything I'm missing that you use to be productive I'd love to hear it. Leave a comment and I'll take a look (and hopefully make my life easier in the process).