Modified parameters in the mashup code prevent access to the mashup channel
When you modify parameters in your mashup code that the system validates, the mashup might not work.
Condition
If users change specific parameters in the mashup code and want to run the application on the host page, the server responds with HTTP status 403. The browser displays the following message: Unregistered mashup request for channel : <<channel ID>>.
Cause
When you implement a web mashup, the system authenticates the HTTP request before streaming back the application that is displayed in the Pega gadget on an external web page. If users modify any of the parameters that the system validates, the system detects access violation and displays the error page.
If the pyBlockUnregisteredRequests when rule is set to true, and the system receives an HTTP request with the isWebMashup=true parameter and a valid ChannelID parameter, the system validates the parameters for the mashup channel in the following order:
- pyActionNameWhen
- pyActivity (which you set to @baseclass.doUIAction for all the mashup actions, except for the openWorkByURL action)
- pyHasDynamicParams
- If the mashup is configured with pyHasDynamicParams=true, the system does not validate action parameters or custom parameters.
- If the mahsup is configured with
pyHasDynamicParams=false, the system
validates the corresponding action parameters. If the mashup
contains custom parameters, the system validates also the custom
parameter key and value that are configured in the mashup
channel.
If you modify any of the action or custom parameters, the system displays an error message.
The system validates the following properties in the mashup channel against the HTTP request parameters received for the corresponding action:
Action | Properties |
createNewWork |
|
display |
|
getNextWork | Not applicable |
openAssignment | pyOpenAssignment |
openWorkItem | pyWorkID |
openWorkByHandle | pyParamKey |
openWorkByURL | pyQueryParam |
Solution
- Restore the mashup configuration:
- If you have the original values of the parameters that the system validates, restore the original parameter values.
- If you do not remember the original values of the parameters that the system validates, regenerate and redeploy the mashup code. For more information, see Creating a mashup.
Previous topic Mashup code is not consistent with the latest security enhancements Next topic Custom JavaScript in application design