PRPC62sp2 : Observing security issue while launching in Pega App in firefox
HI Team,
While launching our application built on PRPC62sp2 in firefox we are observing below error.
The site specified an invalid Strict-Transport-Security header.
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.
2
Content Security Policy: The page's settings blocked the loading of a resource at self ("default-src https://ftwldscimw124.r1-core.r1.aig.net:41580").
var uwtClientStart = new Date().getTime(...
!STANDARD? (line 1)
ReferenceError: requestHomeURI is not defined
...qURI;var requestURI=pega.d.pxReqURI;var pxReqHomeURI=requestHomeURI;var reqProCo...
Accepted Solution
Pegasystems Inc.
US
Abdul,
The SHA-1 message is a message from the firebug plugin in firefox, it means that the site to which you are browsing uses SHA-1 to sign its certificates for https.
The Content Security Policy one surprises me as I did not think that the Content Security Policy rules came until a few releases into 7.1. I suspect that you may be encountering a Content Security Policy which is outside of PRPC.
Matt
JP Morgan
US
Thanks for the response Matt.
I have updated the self signed certs to support hashing algorithm 2 (SHA2). Which resolved security error.
CSP issue was not in Pega and was definitely external to PRPC.