Article - CS327573
Beta version of Chrome (84.0.4147.30) & Microsoft Edge Dev Channel(84.0.522.5) send HTTP Headers "sec-ch-ua" & "sec-ch-ua-mobile" which causes ESAPI validation error in ThingWorx Application Log
Modified: 07-Feb-2022
Applies To
- ThingWorx Platform 7.3 SP20 to 9.0
Description
- Beta version of Chrome (84.0.4147.30 +) & Microsoft Edge Dev Channel(84.0.522.5 +) send HTTP Headers sec-ch-ua, sec-ch-ua-mobile which causes ESAPI validation error in ThingWorx Application log
[L: WARN] [O: IntrusionDetector] [I: ] [U: Administrator] [S: ] [P: ] [T: https-jsse-nio-8443-exec-5] [SECURITY FAILURE Anonymous:null@unknown -> /ExampleApplication/IntrusionDetector] Invalid input: context=HTTP header value: sec-ch-ua, type(HTTPHeaderValue)=^[a-zA-Z0-9()\-=\*\.\?;,+\/:&_ %$ ¡-'"]*$, input="\\Not;A\"Brand";v="99", "Google Chrome";v="85", "Chromium";v="85"
This is a printer-friendly version of Article 327573 and may be out of date. For the latest version click CS327573