Why message 'TIPAuthorizat I the nonbrowser value is true' keeps showing in DASH log?

Created by Victor Diaz on Mon, 07/29/2019 - 10:23
Published URL:
https://www.ibm.com/support/pages/node/961336
961336

Question & Answer


Question

Why does message:
TIPAuthorizat I the nonbrowser value is true
keeps being written to the '$JAZZSM_HOME/logs/server1/SystemOut.log' file?

Cause

The 'TIPAuthorizationFilter.class' was modified on CP5 to add a safe-guard against cross-site exploits, this was APAR 67674 :

 67674 - [TWS 184233] AppScan on Premise: Cross Site Request Forgery

 (https://developer.ibm.com/answers/questions/471990/what-are-the-ifixesapars-included-on-each-dash-cp.html)

 so a 'CheckReferrer' class was bundled in.

 However, from CP6, an additional check was added to look for special HTTP servlet header: "X-Requested-With", and have this stored (and stringfied) in variable 'reqtyphdr', so that everytime a request with this header is submitted, it gets logged, hence the "the nonbrowser value is true".

 In summary, these messages are there to le us know that the requests are not coming from a 3rd party site or 'referrer'.

Answer

These are informational only messages and can be ignored; i their removal is required, please contact IBM Support.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEKCU","label":"Jazz for Service Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Historical Number

TS001674196

Document Information

Modified date:
30 July 2019

UID

ibm10961336