ISD w/ REST 2.0 - Cross-Domain Script Enabled?
Posted: Fri Dec 16, 2016 8:35 am
We are having some first-time learning curve questions in providing a REST 2.0 ISD application (method GET, format JSON) for testing purposes. Just entering the service URL in the web browser works fine.
Is our service Cross-Domain Script Enabled? I couldn't find anything in the ISD documentation about this. All the search results in Knowledge Center relate to Information Analyzer. Best I could guess is that I assume it is... Developer reports this response from their AJAX function that calls our service:
{"httpStatus": 403, "msgId": "CDISF0003E", "msgSeverity": "Error", "msgText": "The IIS session token is invalid."}
Google and IBM Support Portal don't provide any results when searching on "CDISF0003E". It looks like a WAS error code to me. Maybe search is broken right now.
I found these entries in the SystemOut.log file on our server. I substituted in the ... parts.
Again, searching on the "00004c61" code gave no results.
[12/15/16 17:20:17:136 EST] 00004c61 SessionFactor E Possible Cross-Site Request Forgery Attack. Request URL: https://...server...:9443/wisd-rest2/...app.../...svc.../...op1... HTTP Referer Header: http://localhost:56093/Home/Index"
[12/15/16 17:20:17:136 EST] 00004c61 SessionFactor E com.ibm.iis.isf.security.impl.SessionFactory isXsrfSafe Possible Cross-Site Request Forgery Attack. Request URL: https://...server...:9443/wisd-rest2/...app.../...svc.../...op1... HTTP Referer Header: http://localhost:56093/Home/Index.
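A triage sketch for the SystemOut.log entries quoted in the post above, added here as an example and not part of the original post or IBM's code: it extracts the Request URL and Referer from each "Possible Cross-Site Request Forgery Attack" line, collapses the double-logged entry, and reports whether the two origins match. The host `iis.example.test` and the path segments in the sample lines are constructed placeholders, and the script makes no claim about how `isXsrfSafe` decides internally.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the shape of the entries quoted in the post.
# Host and path are placeholders; the second field is the WAS thread ID.
SAMPLE_LOG = """\
[12/15/16 17:20:17:136 EST] 00004c61 SessionFactor E Possible Cross-Site Request Forgery Attack. Request URL: https://iis.example.test:9443/wisd-rest2/app/svc/op1 HTTP Referer Header: http://localhost:56093/Home/Index"
[12/15/16 17:20:17:136 EST] 00004c61 SessionFactor E com.ibm.iis.isf.security.impl.SessionFactory isXsrfSafe Possible Cross-Site Request Forgery Attack. Request URL: https://iis.example.test:9443/wisd-rest2/app/svc/op1 HTTP Referer Header: http://localhost:56093/Home/Index.
[12/15/16 17:21:02:004 EST] 00004c62 SessionFactor E Possible Cross-Site Request Forgery Attack. Request URL: https://iis.example.test:9443/wisd-rest2/app/svc/op1 HTTP Referer Header: https://iis.example.test:9443/ui/index.
[12/15/16 17:21:05:310 EST] 00004c63 WebContainer I unrelated informational line
"""

ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-fA-F]{8})\s+\S+\s+[A-Z]\s+"
    r".*?Possible Cross-Site Request Forgery Attack\.\s+"
    r"Request URL:\s+(?P<url>\S+)\s+HTTP Referer Header:\s+(?P<referer>\S+)"
)
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) so two URLs can be compared by origin."""
    parts = urlsplit(url.rstrip('".'))  # logged values end with a stray quote or period
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme))

def triage(log_text):
    """One finding per rejected request; the same event logged twice is collapsed."""
    seen, findings = set(), []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        key = (m["ts"], m["thread"], m["url"].rstrip('".'), m["referer"].rstrip('".'))
        if key in seen:
            continue
        seen.add(key)
        req, ref = origin(m["url"]), origin(m["referer"])
        findings.append({"time": m["ts"], "thread": m["thread"],
                         "request_origin": req, "referer_origin": ref,
                         "same_origin": req == ref})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```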