Question & Answer
Question
Cause
The 'TIPAuthorizationFilter.class' was modified in CP5 to add a safeguard against cross-site exploits. This was APAR 67674:
67674 - [TWS 184233] AppScan on Premise: Cross Site Request Forgery
As part of that change, a 'CheckReferrer' class was bundled in.
However, from CP6, an additional check was added that looks for a special HTTP servlet header, "X-Requested-With", and stores its value (stringified) in the variable 'reqtyphdr'. Every time a request with this header is submitted, it gets logged, hence the message "the nonbrowser value is true".
In summary, these messages are there to let us know that the requests are not coming from a third-party site or 'referrer'.
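The two checks described above, sketched as an added example (this is not the TIPAuthorizationFilter or CheckReferrer source). The class name, the trusted host and the rule that the presence of the header sets the nonbrowser flag are assumptions made for illustration.

```java
import java.net.URI;
import java.util.Map;

// Added illustration only: NOT the TIPAuthorizationFilter or CheckReferrer source.
public class ReferrerCheckSketch {

    // Hypothetical trusted host; a real filter would read this from configuration.
    static final String TRUSTED_HOST = "tip.example.com";

    /** True only when the Referer header names exactly the trusted host. */
    static boolean refererTrusted(String referer) {
        if (referer == null || referer.isEmpty()) return false;
        try {
            String host = URI.create(referer).getHost();
            // Exact host comparison: a prefix or substring match would also accept
            // look-alike hosts such as tip.example.com.other.test
            return host != null && host.equalsIgnoreCase(TRUSTED_HOST);
        } catch (IllegalArgumentException e) {
            return false; // an unparsable Referer is treated as untrusted
        }
    }

    /** Builds the log line: header stringified into reqtyphdr, flag set when present (assumed rule). */
    static String evaluate(Map<String, String> headers) {
        // Simplification: a servlet container matches header names case-insensitively.
        String reqtyphdr = String.valueOf(headers.get("X-Requested-With"));
        boolean nonbrowser = headers.containsKey("X-Requested-With");
        boolean trusted = refererTrusted(headers.get("Referer"));
        return "reqtyphdr=" + reqtyphdr + " nonbrowser=" + nonbrowser
                + " refererTrusted=" + trusted;
    }

    public static void main(String[] args) {
        // Constructed sample header maps, not captured traffic.
        System.out.println(evaluate(Map.of(
                "Referer", "https://tip.example.com/ibm/console",
                "X-Requested-With", "XMLHttpRequest")));
        System.out.println(evaluate(Map.of(
                "Referer", "https://tip.example.com.other.test/page")));
        System.out.println(evaluate(Map.of()));
    }
}
```

Only the first sample is both flagged nonbrowser and accepted by the referrer check; the look-alike host and the request with no headers fail the referrer check.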
Answer
Historical Number
TS001674196
Document Information
Modified date:
30 July 2019
UID
ibm10961336