## Docs

First, make sure you set up your environment as described above, that will install all the requirements.

### Docs live

During local development, there is a script that builds the site and checks for any changes, live-reloading:

<div class="termy">

```console
$ python ./scripts/docs.py live

<span style="color: green;">[INFO]</span> Serving on http://127.0.0.1:8008

        }
        buf.append(segment);
        return buf.toString();
    }

    /**
     * Gets the site path for display purposes.
     * Extracts and formats the site path from document URL.
     *
     * @param docMap the document data map
     * @return the formatted site path
     */
    public Object getSitePath(final Map<String, Object> docMap) {

// wiring and reference and external source for the lifecycle configuration.
@Named
@Singleton
public class DefaultLifecycles {
    public static final String[] STANDARD_LIFECYCLES = {"clean", "default", "site"};

    private final Logger logger = LoggerFactory.getLogger(getClass());

    // @Configuration(source="org/apache/maven/lifecycle/lifecycles.xml")

    private final Lookup lookup;

## Ризик CSRF { #csrf-risk }

Ця поведінка за замовчуванням забезпечує захист від класу атак **Cross-Site Request Forgery (CSRF)** у дуже конкретному сценарії.

Ці атаки використовують той факт, що браузери дозволяють скриптам надсилати запити без виконання перевірки CORS preflight, коли вони:

	// Limits all body and header sizes to a maximum fixed limit
	setRequestLimitMiddleware,
	// Validate all the incoming requests.
	setRequestValidityMiddleware,
	// Add upload forwarding middleware for site replication
	setUploadForwardingMiddleware,
	// Add bucket forwarding middleware
	setBucketForwardingMiddleware,
	// Add new middlewares here.
}

// configureServer handler returns final handler for the http server.

            @Override
            public String getIndexFieldHost() {
                return "host";
            }

            @Override
            public String getIndexFieldSite() {
                return "site";
            }

            @Override
            public String getIndexFieldLastModified() {
                return "last_modified";
            }

            @Override

## CSRF-Risiko { #csrf-risk }

Dieses Standardverhalten schützt vor einer Klasse von **Cross-Site Request Forgery (CSRF)**-Angriffen in einem sehr spezifischen Szenario.

Diese Angriffe nutzen aus, dass Browser Skripte Requests senden lassen, ohne einen CORS-Preflight-Check durchzuführen, wenn sie:

        // mimetype
        defaultDataMap.put(fessConfig.getIndexFieldMimetype(), mimeType);
        // title
        // content
        // cache
        // digest
        // host
        // site
        // url
        // anchor
        // content_length
        // last_modified
        // id
        // virtual_host
        defaultDataMap.put(fessConfig.getIndexFieldVirtualHost(),

## CSRF Risk { #csrf-risk }

This default behavior provides protection against a class of **Cross-Site Request Forgery (CSRF)** attacks in a very specific scenario.

These attacks exploit the fact that browsers allow scripts to send requests without doing any CORS preflight check when they:

 *
 * <p>Duplicate host configurations allow administrators to define hostname patterns
 * that should be treated as equivalent during crawling. This helps avoid indexing
 * duplicate content from the same logical site that may be accessible via different
 * hostnames (e.g., www.example.com and example.com).</p>
 */
public class DuplicateHostService extends FessAppService {

    /**
     * DBFlute behavior for duplicate host operations.