Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Brahmeswara Rao (Brahmesh@)
Skandiabanken
Brahmeswara Rao
Skandiabanken
SE
Brahmesh@ Member since 2013 206 posts
Skandiabanken
Posted: Feb 24, 2020
Last activity: Mar 4, 2020
Posted: 24 Feb 2020 11:07 EST
Last activity: 4 Mar 2020 15:00 EST
Closed

How to impose cross-site scripting filter in pega REST services

Is there any way to implement the cross-site scripting filter for pega services?..

To see attachments, please log in.
Pega Platform 7.3.1
Java and Activities
Financial Services

Posted: 4 years ago
Posted: 4 Mar 2020 15:00 EST
Brahmeswara Rao (Brahmesh@)
Skandiabanken
Brahmeswara Rao
Skandiabanken
SE

we can define the CORS policy for an API or REST service by specifying the allowed origins, allowed headers, exposed headers, allowed methods, credential usage, and preflight expiration time.

But Does CORS policy validates the content in the header. Is it possible to validate the payload ?

{"username":"<a href=\"jAvAsCrIpT:alert(1)\">X</a>","password":"xyz"}

{  "username": "waf",  "password": "select * from t1;"}  

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice