A warning log saying "Cross-origin requests are not allowed." is output.

 
[Occurrence condition]
It is output when a cross-origin request is sent to intra-mart from a website other than intra-mart.
It occurs in the environment of intra-mart Accel Platform 2019 Summer or later.

[Log details]

[Requirements]
https://issue.intra-mart.jp/issues/22256
Corresponds to cross-origin resource sharing in intra-mart Accel Platform 2019 Summer with the above requirements.

Therefore, when the AP server receives a cross-origin request to a resource that has not been shared,
"[W.IWP.CORS.FILTER.SECURITYLOG.00001] Cross-origin requests are not allowed." is output in the log.

[System administrator operation guide - Cross-origin resource sharing settings]
https://document.intra-mart.jp/library/iap/public/operation/system_administrator_guide/texts/apply_guide/apply_guide_12.html
If the cross-origin request is intentional, please refer to the document above to configure cross-origin resource sharing.
When actually setting, please consider security such as "which origin to share requests from".

Also, please refer to the following external site for general specifications and details regarding cross-origin resource sharing.
https://developer.mozilla.org/ja/docs/Web/HTTP/CORS (Japanese)
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS (English)
https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Access_control_CORS (Chinese)

[How to avoid log output]

If cross-origin resource sharing settings are made, the log will not be output.

If you do not configure cross-origin resource sharing settings, you can control or suppress the relevant logs in the log settings.
However, by suppressing the output, it is not possible to check whether an unintended cross-origin request has occurred, so it is recommended to output the log.
Please refer to the following document for the details and setting contents of the log setting and consider the setting contents according to your needs.
[Log specifications]
https://document.intra-mart.jp/library/iap/public/im_core/im_log_specification/index.html

-- Target ----------------------------------------------------------------------
iAP/Accel Platform/2019 Summer(Waltz) or later
--------------------------------------------------------------------------------

FAQID:1181
Was this article helpful?
0 out of 0 found this helpful
Powered by Zendesk