
How to Protect CORS POSTs using Shape Defense

Description

  • This article shows you how to configure Shape Defense when your application makes a CORS (Cross-Origin Resource Sharing) POST.
  • For example, your home page is www.customer.com and clicking on login makes a POST to login.customer.com/login. Because the two domains are different, this requires an additional configuration at Silverline.
  • If the next domain isn't configured in Silverline, Shape telemetry isn't passed to the next domain and the request is flagged as "Token Missing".

 

Environment

  • Silverline Shape Defense 

Procedure


  1. Decoration
    • When a user requests a page at www.customer.com, the Silverline configuration for this domain inserts the Shape JS into the page.
    • By default, Shape JS uses the FQDN www.customer.com as the protected domain. It does not know about the login.customer.com domain. This domain needs to be specified in the Additional Protected Endpoint Domain & Path section of the JavaScript Insertion configuration, under the Shape Defense tab in the Proxy setup for www.customer.com.
    • NOTE: There must be no space between the comma and the next entry. Please do not add any spaces.
    • The Shape JS on www.customer.com now knows about the additional domains and paths it needs to protect.

     

  2. Telemetry Evaluation
    • In the Shape Defense configuration for login.customer.com, add the protected endpoints under the Protected Endpoints section.

 

 

 

 

 

 

 

 
