CSRFAttack observed in logs
After upgrading from PRPC 6 to Pega 7.1.7, the log generates CSRFAttack warning
2015-07-02 08:02:47,851 | WARN | WebContainer : 2 | mgmt.util.URLAccessContext | Msg: URLAccessModeWarn:URLAccessPermitted URLAccessDetail CSRFAttack Invalid harness ID HID821A4B556A3FBBA95E79DE6B1188E97E :From @baseclass.pzUpdateClipboardModels
Steps to Reproduce
Upgrade from PRPC 6 to Pega 7.1.7 with an application that uses RedirectAndRun.
The root cause of this problem is a backward compatibility defect in Pegasystems’ code/rules. A new parameter was added to RedirectAndRun that should be specified in any custom code.
This issue is resolved through the following local-change:
Pass the "action" parameter to RedirectAndRun with a value of openAssignment, openWorkItem, openWorkByHandle or displayOnPage.
Published August 14, 2015 - Updated October 8, 2020
Was this useful?
0% found this useful
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.