Question
Marsh
US
Last activity: 18 Jul 2017 10:39 EDT
URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack Missing harness ID
We are seeing the following error in our pega 7 logs intermittently-
URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack Missing harness ID: From <class>.....
What could be the cause of it?
***Updated by moderator: Lochan to close post***
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
Accepted Solution
Pegasystems Inc.
IN
Hi
This is a known issue and fixed in 7.1.8
In your current release if you want to disable the protection and stop these warnings ( though not recommended) , add the following to prconfig.xml
<env name="security/urlaccessmode" value="allow" />
This should be re enabled once upgraded to 7.1.8
Pegasystems Inc.
US
Client on 7.1.8 is still seeing these warnings.
URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack Invalid harness ID HID0C0CCEFACADCD66CA5C7CAC986B15A0D
URLAccessModeWarn:URLAccessPermitted URLAccessDetail ActionTampered Unknown reason
URLAccessModeWarn:URLAccessPermitted URLAccessDetail ActionTampered Actual Fixed Param-Value : key=<CLIENT>FW-WORK NB-1257 Expected Param-Value : key="<CLIENT>FW-WORK NB-1209"
Please confirm this been fixed in 7.1.8.
Marsh
US
Hi Randy Bundalian,
Were you able to find out if this has been fixed in 7.1.8?