Getting 403 Forbidden when trying to run activity from user portal

In the user portal, as a non-admin user, I’m getting this error when trying to run an activity with JavaScript:

var urlString = new SafeURL('@baseclass.ShowLogoffTimerRTS');

window.open(urlString.toURL(), null);

The activity has the “Require authentication to run” checkbox unchecked and the “Allow direct invocation from the client or a service” is checked.

I noted that this is only happening for a non-admin user, because I can run this script successfully using my admin access group.

Thanks in advance to anyone who spends time on this.

Grant

@grant@VA

Hello,

Does the popup come up, or does it fail for the content of the popup?

I guess the content will be executed/created with the user context and this might require some grants also.

Is it the same with static content for the popup?

Regards

Anthony

@grant@VA I am not sure why @baseclass.ShowLogoffTimer (it’s available) can’t be used for any customization required as per application.

Basically, follow the steps below:

  1. Modify @baseclass.ShowLogoffTimer as per need in application rule-set

  2. This activity is being referred in webwb.pega_desktop_AppControllerLite.js … in the link/button in Action tab of configuration panel, use RunScript and refer this.

Hopefully it will work.

@Anthony_Gourtay Thanks for the reply. No, the popup does not appear. If I’m using static content for the popup contents there is no issue. I can see the server responding with a 403 error associated with the request to call the ShowLogOffTimer activity.

@SachinA48 Yes, we are originally seeing the 403 response with this implementation of the pxSessionTimer. I had created my own modal dialog b/c the server call to run @baseclass.ShowLogoffTimer activity from the desktop_showTimeoutWarning JS function was returning 403. Also we are noticing 403 responses for some JavaScript API calls, like pega.api.ui.actions.runDataTransform. Thanks for the reply.

@grant@VA, are you hitting newer JavaScript security functionality? As a quick test, set pyBlockUnregisteredRequests to false in a private checkout. If you find success, you’ll need to apply encryption to your JavaScript in addition to SafeURL. See pega_rules_utilities.pzEncryptURLActionString