Follow

Configuring Web Client (Shape JS Integration)

Description

  • This article provides guidance for configuring Shape JS. It assumes that you have already enabled a Proxy Service for your Application, enabled Shape Defense, and configured the protected endpoints.

Return to Integrating Shape Defense

Environment

  • Shape Defense for Web

Procedure

Accessing Shape Defense UI

To access the JavaScript Configuration screen, go to:

Configs -> Proxy / App Management -> For a particular application, click Edit.

Choose: HTTPS (443/443) HTTP (80/80) -> Shape Defense tab

 

JavaScript Insertion Service Configuration

Screen_Shot_2021-03-12_at_2.14.15_PM.png

  1. Shape JavaScript Path - a unique path (should not be already used within your page), will be used to insert Shape JS. Do not use terms "shape", "silverline", or similar terms indicating a security purpose for the script.
  2. JavaScript Insert Location - specifies where in the page Shape JS should be inserted.
    • Choices are:
      • Before the first <script> 
      • After <head> (preferred option)
      • After </title>
      • None - The script tag will be inserted by the customer, at the application origin.
  3. Insert JavaScript Telemetry tag in <body> Checkbox - this will separate ASYNC portion of Shape JS, and insert it into the <body> of the page, to execute after the non-Shape spirits had executed. This improves performance, but may impact efficacy of the system.
  4. Additional Protected Endpoint Domain & Path - This section is relevant to websites where HTML page sends a protected POST to a URL on a different domain. For instance www.customer.com will post to login.customer.com.  This section facilitates handling of Cross Origin Resource Sharing (CORS). Refer to this detailed guide:  Protect CORS POSTs using Shape Defense
  5. JavaScript Insertion - Excluded Paths - Defines page URLs where Shape JavaScript should not be inserted.

Screen_Shot_2021-03-12_at_2.14.33_PM.png

This will skip the page www.customer.com/checkout from Shape JS insertion.

 

Resulting Changes to Your Webpage

The configuration settings mentioned above would lead to the insertion of 3 ShapeDefense JavaScript tags inside your web page. The positioning of the insertion depends on your Javascript Insertion Location settings. 

For example:

Screen_Shot_2021-03-12_at_2.05.10_PM.png

In this scenario the three  "/js/test.js" tags were inserted after the <head> tag.

 

After Shape Defense is configured in the Silverline Portal and JavaScript Client is properly setup, proceed to the Testing and Validation steps.

 

*Note : If CDN such as CloudFront is utilized before Silverline, ensure that the Shape JS file is excluded from caching configuration. 

 

Related Content

Return to Integrating Shape Defense

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request