I am facing the below issue after upgraded from version 8.4.0 to 8.5.1.
Statement: In the left navigation, application has couple of icons (Home, Reports…..etc) and each icon has some functionality. Home icon has "pega.desktop.activateDocument" OOTB function in the actions to come back to home if user navigated to different icons in the portal.
Issue: After upgrade, pega triggering SECU0019 security alert on click of Home icon and user is not able to come back to Home from reports. He will stuck in the reports and it is trigger error 403.
Cause: “pega.desktop.activateDocument” function causing the security alert and from 8.5.1 version onwards actions need to be registered (From the production only 30 actions are registered but not all event though using OOTB function). It will occur only in production level-5 and it won’t occurred in the below production level-5
Security Alert: 2021-XX-XX 03:10:33,383 GMT*8*SECU0019*0*0*pega-web-w8q2z*NA*NA*H6VJRTHF2JUFRT66CGJFAUMERLKF5XZ8YA*admin*XXX-XX-Work*null*a638e37ea2718f42f076aa3e648f1c9d*Y*13*H6VJRTHF2JUFRT66CGJFAUMERLKF5XZ8YA*97*https-jsse-nio2-8443-exec-6*DCSPA_UserPortal*com.pega.pegarules.session.internal.engineinterface.service.HttpAPI*Activity=ReloadSection*Rule-Obj-Activity:ReloadSection*@BASECLASS PXCALLDATATRANSFORM #20180713T132634.566 GMT Step: 1 Circum: 0*0****NA*NA*NA*NA*NA*NA*initial Executable;0 additional frames in stack;*NA*Unauthorized request detected : Unregistered request encountered with params pyActivity:DoClose eventSrcSection:Data-Portal.PortalNavigation*
The below are options to solve the above issue:
Need to use latest version (which is available in the COSMOS:02-01-01) of MainNavigation rule but all rules are final rules & navigation icons are loaded dynamically as per OOTB and is there any way to add or update navigation icons as per application implementation.
Need to register “pega.desktop.activateDocument” function actions.
Could you please suggest any inputs on the above options OR can suggest if any other alternative's.
***Edited by Moderator: Pooja Gadige to change category from Product to Upgrade, add platform capability tag***
@YerasuReddy After the upgrade you need to bump Theme-Cosmos version as well to match the platform version. After changing the version to 2.0.0, you may change the icons using "Channel & Interfaces" screen. To do that for Home (for example) you need to:
open "Channels & Interfaces" screen either in Dev Studio or App Studio
choose appropriate channel; the default one is called "User Portal"
in the "Content" tab, click on "Custom pages" menu item on the left
choose "Home" harness (or any other, that you want to change the icon of)
We are overridden MainNavigation rule from COSMOS:01-01-01 (that time pega version is 8.3.0) and added custom icons with actions. Calling “pega.desktop.activateDocument” function and data page flushing actions in the Home icon actions tab.
Issue: After upgraded to Pega 8.5.1 from Pega 8.4.0 (we don’t have any issue in Pega 8.4.0 version), “pega.desktop.activateDocument” function triggering SECU0019 security alert once user click on the Home icon if user is navigated to different icon and user is not able to navigate back to Home dashabord.
GCS Team Suggestion:
Use MainNavigation rule from COSMOS:02-01-01 version and icons are loaded dynamically.
My question asked to GCS Team:
We are having some actions on the Home icon if we use MainNavigation rule from COSMOS:02-01-01 then how to add the action because icons are loaded dynamically.
I got response from you -> Customize MainNavigation rule from COSMOS:02-01-01 in the application and add Home icon with application actions and “pega.u.d.skipToContent” function & load harness.
Here main problem with function (even though using OOTB Function) which is causing security warning because actions are not registered. Now again need to use “pega.u.d.skipToContent” function as per your suggestion. If this function causes same security warning then again we are came to back initial stage.
Please check the above scenerion and suggest the same.
Is there any way to register “pega.desktop.activateDocument” function actions to resolve security warning ?
That explains everything. I have good news for you: you don't need to do anything besides removing the overrides. The auto-generated dynamic navigation should fulfill all the needs. It already constructs the navigation the correct way, which means: pega.desktop.activateDocument is not needed, pega.u.d.skipToContent is already embedded, the correct actions are already configured.
So, please remove MainNavigation override (and the application logo too) and configure the landing pages through Channels & Interfaces. You may change the icons for menu items along with the application logo and name (Configuration tab).