Sitecore uses PhantomJS to generate screenshots of pages for use in the Sitecore clients. It is an external executable (
.exe) file that is shipped with Sitecore in the
$(dataFolder)\tools\phantomjs folder. Sitecore references this file through the
ContentTesting.PhantomJS.ExecutablePath setting in the
App_Config\Include\ContentTesting\Sitecore.ContentTesting.config configuration patch file.
To limit access to the PhantomJS executable file, you should place the
data folder outside the
The Windows process that Sitecore runs under requires the
Read & executes permission on the executable file. The process also requires
Read access to the folder itself to access the other files within the folder.
Because PhantomJS is executed from within Sitecore, it runs with the same permissions that have been set for the process that Sitecore is running under. You should run Sitecore with least privilege and only allow access to files and folders that Sitecore needs access to.
Sitecore passes PhantomJS a script that is generated from the
RenderScripts processor in the
getScreenShotForURL pipeline. This script instructs PhantomJS to write generated images to a specific folder. The
GenerateFilename processor is responsible for generating the path and file name for use in the script.
By default, the output path is
$(webroot)\temp\screenshots. The process that Sitecore runs under should already have
Write permissions to the
temp folder. The output folder location is determined within the pipeline, which you can modify to output the files to a different location.
By default, PhantomJS is configured to use a disk cache for caching web resources. The location on disk where the cache is created is platform dependent and could be any of the following, depending on the version of windows on which Sitecore is running:
In the path
<user> is the account under which Sitecore is running.
To ensure the disk cache can operate, read and write access to the cache directory must be granted to the account under which Sitecore is running. You can disable the disk cache in the
App_Config\Include\ContentTesting\Sitecore.ContentTesting.config file by changing the
ContentTesting.PhantomJS.EnableDiskCache Sitecore setting to false. Disabling the cache results in screenshot generation taking longer because all web resources must be retrieved for each screenshot every time.
If the folder that is used for the screenshot files has been changed, you can check the pipeline for the new location.
Increase security on content delivery servers
Because screenshots are used in the UI and emails, it is not necessary to generate them on content delivery servers.
To increase security on the content delivery servers:
- Remove the
$(dataFolder)\tools\phantomjsfolder including the
- Disable the
getScreenshotForUrlpipeline that launches the PhantomJS process.
To disable the
getScreenshotForUrlpipeline, create a patch file that disables it in the
For more information about using patch files, see the topic Use a patch file to customize the Sitecore configuration.