Support Article
Security:System requires content outside Pega (eg amazonaws.com)
SA-23666
Summary
On performing an analysis on content loaded on Pega 7.1.4 Customer Process Manager (CPM) user portal, user found out that it is requires few content from "https://firefly-071591.s3.amazonaws.com" like :
- https://firefly-071591.s3.amazonaws.com/scripts/final/customer.js,
- https://firefly-071591.s3.amazonaws.com/img/cross_icon.jpg,
- https://firefly-071591.s3.amazonaws.com/settings/Enter%20PortalCobrowsingAPIToken%20Here/accountSettings.js?callback=jQuery1111011236455966718495_1454687066434&_=1454687066435, ...
User requires a way to remove all this content from the screens as there is no need for co-browsing functionality and references to code, that is hosted on external servers is not allowed in our system.
Error Messages
Error retrieving javascripts as access to the locations is not allowed from our environment.
Steps to Reproduce
- Install Pega 7.1.9 with CS (CPM) 7.1.4.
- Restrict access to https://firefly-071591.s3.amazonaws.com (block via firewall). Js Errors will occur on the default portal after login in as a standard CPM user.
Root Cause
The Interaction Portal always downloads the Co-Browsing scripts because of the inclusion of PortalCoBrowsing section in the Portal header. This should only be included if Co-Browsing is enabled.
Resolution
Apply HFix-26170.
This fix updates the InteractionPortalHeader section to add a Visible When around the co-browsing section include.
The Declare_CAApplicationSettings Data Page is used to control this setting.
Note: The licensed install of PegaCALL 7.1.3.3 is required by dependent HFix-24822.
Published June 30, 2016 - Updated December 2, 2021
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.