Posted: 8 May 2020 8:05 EDT Last activity: 14 Dec 2020 4:00 EST
URL Tampering vulnerability detected.
We are observing a "URL tampering vulnerability detected" error sporadically in our environment post the upgrade to Pega 8.4. (Attached is the screenshot.) The users who are observing it are set up correctly as per their access group and, as far as I see, we are not accessing or referring to the activity which is listed in the error details.
This is an experimental feature for 8.4, and is by default turned off. The feature is fully available and shipped in 8.5. In 8.4 the warnings are turned off for production environments and show up only in lower-level environments as a preview.
However, these lower-environment warnings too would be turned off in the next patch release.
Does this mean that in 8.5 unregistered requests will be blocked by default? We recently upgraded to 8.4.2 and are seeing this warning when running OOTB scripts on some controls and want to determine what, if any, changes we should expect to have to make when we upgrade to 8.5.
What do you mean by unregistered requests? We don't have custom controls in our application, yet when the browser is refreshed we see "URL tampering vulnerability detected". We use a Data Page with a REST Connector to get data from the service when loading the UI; all associated rules are accessible under the user's Access Group.
Update: The message "URL tampering vulnerability detected" appears in Dev Studio too, when you search for a rule. Pega 8.4.3