Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 V S Bharathi Kukkala (VSBharathiK0937)
Cognizant
Manager
Cognizant
IN
VSBharathiK0937 Member since 2016 3 posts
Cognizant
Posted: Jul 19, 2019
Last activity: Jul 22, 2019
Posted: 19 Jul 2019 7:06 EDT
Last activity: 22 Jul 2019 2:08 EDT
Closed

Page Cannot be Displayed Error on loading a section: Security Issue

We have a html section for attaching files which is based off iFrame. On loading this section from flowaction, we are getting page cannot be displayed error. Same section is working when we load from harness.

And this issue is coming only in https (443) node of application, and same is working fine in http (8080)

In chrome console, we are able to see below error,

Blocked a frame with origin "https://application.com" from accessing a cross-origin frame at pega.ui.Doc.hideSmartInfoHarness "https://application.com/prweb/PRServlet".

And in IE console, able to see errors related to HTTPS security is compromised by res://ieframe.dll/...

Issue is being observed from last two weeks and no changes related to x-Frame options, load balancer (https:443) or hot fixes have been made in recent time.

Please suggest,

Thanks,
Bharathi

***Edited by Moderator: Lochan to update platform capability tags***

To see attachments, please log in.
Pega Platform
User Experience

Posted: 6 years ago
Posted: 20 Jul 2019 8:02 EDT
Udhay Raman (ramau)
Cognizant Technology Limited
Lead Technical Architect
Cognizant Technology Limited
IN

Hi Bharathi,

Can you please share your alert log, If you are getting "Secu00009" Pega alert code or the similar error message below, You have to add the below local change.

A browser has reported a violation of your application's Content Security Policy : A browser has reported a violation of your application's Content Security Policy. <CR>If you would like to correct this, modify your application's Content Security Policy to allow the Blocked Content Source to your Violated Directive<CR>

Local change:


Add the website list to be bypassed in the "Allowed form actions" of "Form Actions" directive in "pxDefaultAllowAll" or custom content security policy.

 

To see attachments, please log in.
Posted: 6 years ago
Posted: 22 Jul 2019 2:08 EDT
V S Bharathi Kukkala (VSBharathiK0937)
Cognizant
Manager
Cognizant
IN

I don't see any errors in alert logs. Could see below logging in local host access logs,

GET /prweb/PRServlet/jRaiVJ0d9Vv4EHRfoP_iCg%5B%5B*/!TABTHREAD1?pyActivity=GenerateActionFrame&HarnessMode=ACTION&TaskIndex=&FormError=&FieldError=&pyCustomError=&bExcludeLegacyJS=&NewAction=true&UniqueStamp=1563774653923&pzPrimaryPageName=pyWorkPage HTTP/1.1" 200 10494

To add, our application is built on Pega 6.1 SP2. So, in 6.x do we have CSP concept.

Thank you.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice