Symptom
In the call interaction settings, click the Show Document icon to expand a section to display additional details of a document. However, this throws an error (alert) on the application user interface.
Errors
- User Interface alert ‘AJAX call failed’
- HTTP 403: Unauthorized request detected: unregistered request encountered with params pyActivity: pzupdateExpandStatus
Explanation
All custom activities must be registered to comply with the latest security guidelines to prevent breaking Basic Access Control (BAC). However, in this scenario, registering the custom activity (GetDocuments) with JavaServer Pages (JSP) (pega_rules_utilities.pzRegisterActivity(tools, "GetDocuments");) will not suffice because call Show-Harness on the pre-processing of the flow action will render the harness again and remove all the existing registrations.
Environment
The problem was reported in the following environments:
- Pega Platform™ version 8.5.5 on Pega Cloud® 2.22.3
- Pega Platform version 8.5.6 on Pega Cloud 2.23.4
Solution
When showing records in a modal dialog box, use OpenURLInWindow because this allows the custom activity (GetDocuments) to open the attachment in a new tab and preserve the existing BAC registrations, which prevents cache issues/registrations. Hence, when you click the Show Document icon, the custom activity (GetDocuments) is invoked only if the document exists.