Question
Maantic Inc
US
Last activity: 24 Jan 2023 18:04 EST
FinishAssignment activity fails with status code 403 and Referrer Policy: strict-origin-when-cross-origin
In the flow ActionAutoSubmit OOTB called, it calls FinishAssignment.
FinishAssignment activity fails with status code 403 and Referrer Policy: strict-origin-when-cross-origin
it happens only from end user portal in production. from developer portal it works fine
Do we need to add FinishAssignment in CSRF allow
Pegasystems Inc.
GB
@JohnPaulRaja,C FinishAssignment, validates, Sets the Task status, completes Assignment and checks for back to back assignments then displays the Review or Perform harness.
You should not have to change anything for that.
The issue you are encountering is likely due to Basic Access Control. See similar discussion here.
https://docs-previous.pega.com/security/85/verifying-requests-when-using-custom-controls
We would need you to go through the usecase and help our support team to understand the issue. You state that when you Click Submit and Trigger Finish Assignment a 403 is returned from server.
-- Do you find any SECU0019 Error in Pega Alert logs and 403 error in network trace?
Can you confirm that this is resolved if you modify pyBlockUnregisteredRequests as false, everything working as expected?
Have you overridden "pyShowSecureFeatureWarnings" ?
Please add below snippet in userworkform inside the script tags and let us know if that resolves it:
@JohnPaulRaja,C FinishAssignment, validates, Sets the Task status, completes Assignment and checks for back to back assignments then displays the Review or Perform harness.
You should not have to change anything for that.
The issue you are encountering is likely due to Basic Access Control. See similar discussion here.
https://docs-previous.pega.com/security/85/verifying-requests-when-using-custom-controls
We would need you to go through the usecase and help our support team to understand the issue. You state that when you Click Submit and Trigger Finish Assignment a 403 is returned from server.
-- Do you find any SECU0019 Error in Pega Alert logs and 403 error in network trace?
Can you confirm that this is resolved if you modify pyBlockUnregisteredRequests as false, everything working as expected?
Have you overridden "pyShowSecureFeatureWarnings" ?
Please add below snippet in userworkform inside the script tags and let us know if that resolves it:
ClipboardPage actionAPI = ((PegaAPI) tools).getUIEngine().getUIActionPage("finishAssignment"); ((PegaAPI) tools).getUIEngine().getUIAction(actionAPI).register(); actionAPI.removeFromClipboard();
Maantic Inc
US
Do you find any SECU0019 Error in Pega Alert logs and 403 error in network trace? Yes
Can you confirm that this is resolved if you modify pyBlockUnregisteredRequests as false, everything working as expected? Yes
Have you overridden "pyShowSecureFeatureWarnings" ? save in application ruleset
Updated: 22 Aug 2022 10:19 EDT
Pegasystems Inc.
GB
Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users. If you are bypassing this feature it is not the recommended approach by Pega and would recommend you to analyze your code to fix the unauthorized server calls as explained in the below documentation.
https://collaborate.pega.com/discussion/basic-access-control-bac-resources
Please log a support ticket if you need your particular scenario looked at in detail.
Iif the suggested userworkform workaround does not solve it please log this as a support incident and provide the INC reference here so that we can help track it.
ING
NL
@JohnPaulRaja,C Could you please provide an update if the workaround suggested by @MarijeSchillern in userworkform worked for you? If not, did you arrived at a solution already? As this is a OOTB action (FinishAssignment), I expect this UIAction to be registered through OOTB rules.
Energy Safe Australia
AU
@JohnPaulRaja,C Did you get any solution to this, we are also seeing same issue and have raised INC-257536
pyBlockUnregisteredRequests making it false works fine.
What we observed is TaskStatus and few other params are not getting formed when the when rule is true and Call FinishAssignment is called in activity rule.
Energy Safe Australia
AU
@DharanitharanR5430 We were able to fix this issue, instead of refresh this section which call this activity we made it as refresh this harness