Contributed by Jean Khawand and Santhosh Yerraganti
Symptoms
Pega Web Mashups do not display after you refresh the browser. The problem was reported for the following scenarios.
After you log in, the mashup is loaded. But when you press the F5 key or Reload the page, the mashup is no longer displayed. You see this unexpected behavior in the development environment. In Dev Studio, you see the script error: Uncaught SyntaxError: identifier starts immediately after numeric literal caused by PegaInternetApplicationComposer js script
The mashup loads successfully after openID authentication. However, if the application user refreshes the browser, the mashup is not loaded again and it displays as blank. From the browser , the Network tab, you see the error 403 Forbidden.
After you enable the security setting to block Cross-Site Request Forgery (CSRF) attacks, the mashup does not load after you refresh the browser.
Errors
403 Forbidden
Uncaught syntaxError ; Invalid or unexpected token
Explanation
Client bug – Configuration issue
The default Dynamic System Settings (DSSes) for security documented in Security - Understanding dynamic system settings (and versions of the article for earlier releases) prevent mashups from loading on the application page:
prconfig/initialization/submitobfuscatedurl = required
prconfig/initialization/urlencryption/default = true
The first setting causes the problem, but both settings work as a pair.
When submitobfuscatedurl is required in combination with urlencryption, the mashup fails to return the required JavaScript from the processing of pzIncludeMashupScripts because the script src is not encrypted and, therefore, it cannot run. When submitobfuscatedurl is optional rather than required in combination with urlencryption, the activity runs but returns corrupt JavaScript that fails to process.
Environments
The problem was reported in the following environments:
- Pega Platform™ version 8.5.4, on-premises environment
- Pega Platform version 8.7.1, on-premises environment
- Pega Platform version 8.8.2, on-premises environment
Solution
Perform the following local change:
- Update DSS settings and restart the server:
prconfig/initialization/SubmitObfuscatedURL/default = optional
prconfig/initialization/urlencryption/default = true - Disable JavaScript compaction by specifying the parameter &disableCompacting=true in the script src URL as shown in the following example:
<script src = 'https://mlbwtr-dt4.pegacloud.net/prweb/PRAuth/app/Diversion_7756/mashup…;
Related content
Troubleshooting issues with loading mashups
Modified parameters in the mashup code prevent access to the mashup channel This 8.5 article is also available for 8.6, 8.7, and 8.8, Modified parameters in the mashup code prevent access to the mashup channel
Mashup code is not consistent with the latest security enhancements This 8.5 article is also available for 8.6, 8.7, and 8.8, Securing your application for mashup communication