ISD w/ REST 2.0 - Cross-Domain Script Enabled?

Dedicated to DataStage and DataStage TX editions featuring IBM® Service-Oriented Architectures.

Moderators: chulett, rschirm

qt_ky
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am
Location: USA

Post by qt_ky »

We are having some first-time learning curve questions in providing a REST 2.0 ISD application (method GET, format JSON) for testing purposes. Just entering the service URL in the web browser works fine.

Is our service Cross-Domain Script Enabled? I couldn't find anything in the ISD documentation about this. All the search results in Knowledge Center relate to Information Analyzer. Best I could guess is that I assume it is... Developer reports this response from their AJAX function that calls our service:

{"httpStatus": 403, "msgId": "CDISF0003E", "msgSeverity": "Error", "msgText": "The IIS session token is invalid."}

Google and IBM Support Portal don't provide any results when searching on "CDISF0003E". It looks like a WAS error code to me. Maybe search is broken right now.

I found these entries in the SystemOut.log file on our server. I substituted in the ... parts.

Again, searching on the "00004c61" code gave no results.

[12/15/16 17:20:17:136 EST] 00004c61 SessionFactor E Possible Cross-Site Request Forgery Attack. Request URL: https://...server...:9443/wisd-rest2/...app.../...svc.../...op1... HTTP Referer Header: http://localhost:56093/Home/Index"

[12/15/16 17:20:17:136 EST] 00004c61 SessionFactor E com.ibm.iis.isf.security.impl.SessionFactory isXsrfSafe Possible Cross-Site Request Forgery Attack. Request URL: https://...server...:9443/wisd-rest2/...app.../...svc.../...op1... HTTP Referer Header: http://localhost:56093/Home/Index.
Choose a job you love, and you will never have to work a day in your life. - Confucius
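
As an added example (not part of the original post and not IBM code), a small Python triage script for the SystemOut.log entries quoted above: it extracts the request URL and Referer from each "Possible Cross-Site Request Forgery Attack" line and groups the rejections by origin pair. The log lines, the host `iis.example.test`, the paths and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the SystemOut.log layout quoted in the post; host and paths are placeholders.
SAMPLE_LOG = """\
[12/15/16 17:20:17:136 EST] 00004c61 SessionFactor E Possible Cross-Site Request Forgery Attack. Request URL: https://iis.example.test:9443/wisd-rest2/app/svc/op1 HTTP Referer Header: http://localhost:56093/Home/Index"
[12/15/16 17:20:17:136 EST] 00004c61 SessionFactor E com.ibm.iis.isf.security.impl.SessionFactory isXsrfSafe Possible Cross-Site Request Forgery Attack. Request URL: https://iis.example.test:9443/wisd-rest2/app/svc/op1 HTTP Referer Header: http://localhost:56093/Home/Index.
[12/15/16 17:21:02:004 EST] 00004c62 SessionFactor E Possible Cross-Site Request Forgery Attack. Request URL: https://iis.example.test:9443/wisd-rest2/app/svc/op1 HTTP Referer Header: http://devbox.example.test:8080/page
[12/15/16 17:22:00:000 EST] 00004c63 SystemOut     O unrelated line
"""

ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-f]{8})\s+\S+\s+E\s+.*?"
    r"Possible Cross-Site Request Forgery Attack\.\s+"
    r"Request URL:\s+(?P<url>\S+)\s+HTTP Referer Header:\s+(?P<referer>\S*)"
)

def origin(url):
    """Return (scheme, host, port) with default ports filled in, or None if unparsable."""
    parts = urlsplit(url.rstrip('."'))  # the quoted entries end with a stray '.' or '"'
    if not parts.scheme or not parts.hostname:
        return None
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname.lower(), port)

def triage(log_text):
    """Group rejected requests by (request origin, referer origin) and count them."""
    seen = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not one of the CSRF rejection entries
        key = (origin(m["url"]), origin(m["referer"]))
        rec = seen.setdefault(key, {"count": 0, "cross_origin": key[0] != key[1], "threads": set()})
        rec["count"] += 1
        rec["threads"].add(m["thread"])
    return seen

if __name__ == "__main__":
    for (req, ref), rec in triage(SAMPLE_LOG).items():
        kind = "cross-origin" if rec["cross_origin"] else "same-origin"
        print(f"{rec['count']}x {kind}: referer={ref} -> request={req}")
```

Grouping by origin pair shows at a glance which calling pages the server is rejecting, which is the information needed before deciding whether the caller or the server configuration should change.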
eostic
Premium Member
Posts: 3838
Joined: Mon Oct 17, 2005 9:34 am

Post by eostic »

No idea...but I suspect it may be a WAS thing. Are you, by chance, trying to also make that REST call from inside of Information Server somewhere (like from IGC itself?)....

Ernie
Ernie Ostic

blogit!
Open IGC is Here! (https://dsrealtime.wordpress.com/2015/0 ... ere/)
qt_ky
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am
Location: USA

Post by qt_ky »

I just now tried entering the service URL into a web browser running from on Info Server. That works fine, same as from the web browser on my PC. I'm just not clear at this point, with searches coming up empty, if this should be my headache or the developer's headache to resolve.
JRodriguez
Premium Member
Posts: 425
Joined: Sat Nov 19, 2005 9:26 am
Location: New York City
Contact:

Post by JRodriguez »

Hi qt_ky,

Check this Tech Note, might help to mitigate the issue, especially if your servers are behind a firewall:

http://www-01.ibm.com/support/docview.w ... wg21979949

Regards
Julio Rodriguez
ETL Developer by choice

"Sure we have lots of reasons for being rude - But no excuses
qt_ky
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am
Location: USA

Post by qt_ky »

Thank you Julio for the tech note link. So, there is a way to disable such cross-domain script checking, but for security reasons it's a bad idea to turn this off permanently.

It's looking like this problem is related to a particular technology--the jQuery ajax function ( http://api.jquery.com/jquery.ajax/ ). I just found out that the same developer is able to call the same service using a different programming language with no errors. I don't get it yet, but we have a workaround! Thanks.