We are observing a "URL tampering vulnerability detected" error sporadically in our environment post the upgrade to Pega 8.4. (Attached is the screenshot) The users who are observing it are set up correctly as per their access group and as far as I see, we are not accessing or referring to the activity which is listed in the error details.
This is an experimental feature for 8.4 , and is by default turned off. The feature is fully available and shipped in 8.5. In 8.4 the warnings are turned off for production environments and show up only in lower level environments as a preview.
However these lower environments warnings too would be turned off in next patch release.
Does this mean that in 8.5 unregistered requests will be blocked by default? We recently upgraded to 8.4.2 and are seeing this warning when running OOTB scripts on some controls and want to determine what if any changes we should expect to have to make when we upgrade to 8.5.