Closed
How to impose cross-site scripting filter in pega REST services
Is there any way to implement the cross-site scripting filter for pega services?..
This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.
Is there any way to implement the cross-site scripting filter for pega services?..
See if this helps: https://community.pega.com/knowledgebase/articles/security/configuring-csrf-protection
we can define the CORS policy for an API or REST service by specifying the allowed origins, allowed headers, exposed headers, allowed methods, credential usage, and preflight expiration time.
But Does CORS policy validates the content in the header. Is it possible to validate the payload ?
{"username":"<a href=\"jAvAsCrIpT:alert(1)\">X</a>","password":"xyz"}
{ "username": "waf", "password": "select * from t1;"}
Question
Question Solved
Question Solved
Question
Question
Question Solved
Question
Question
Question Solved
Question
Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.