Question
Corporation Service Company
US
Last activity: 24 Sep 2019 6:39 EDT
Mashup is not working after enabling cross site request forgery settings
mash up is not loaded after enabling the cross site request forgery settings in Pega 8.2.1.
Workaround: Added the domain (mash up hosted) to referrer list to skip CSRF check.
Is it a limitation in Pega to use CRSF with pega mashup? or am i missing something related to configuration settings?
Optum
IN
Hi,
Could you share the error seen in network console of browser?
Also, please check if these best practices have been followed: https://community.pega.com/knowledgebase/articles/security/best-practices-avoid-cross-site-scripting-xss-vulnerabilities
Thanks
Corporation Service Company
US
Console Error in Chrome: Failed to load resource: the server responded with a status of 403 (Forbidden)
Firefox console:
The script from “http://hostname/prweb/PRServlet?pyActivity=pzIncludeMashupScripts” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
Console Error in Chrome: Failed to load resource: the server responded with a status of 403 (Forbidden)
Firefox console:
The script from “http://hostname/prweb/PRServlet?pyActivity=pzIncludeMashupScripts” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.