- This article shows you how to configure Shape Defense when your application makes a CORS (Cross-Origin Resource Sharing) POST.
- For example, your home page is www.customer.com and clicking on login makes a POST to login.customer.com/login. Because the two domains are different, this requires an additional configuration at Silverline.
- If the next domain isn't configured in Silverline, Shape telemetry isn't passed to the next domain and the request will be flagged as "Token Missing".
- Silverline Shape Defense
- In this example, the landing page is on www.customer.com and when the user clicks on login/submit, the POST request is sent to login.customer.com.
- The page on the www.customer.com domain needs to decorate the request, while the endpoint on the login.customer.com domain needs to evaluate the incoming telemetry.
- When a user requests a page at www.customer.com, the Silverline configuration for this domain inserts the Shape JS into the page.
- NOTE: There is no space between the comma and the next entry. Please do not add any spaces.
- The Shape JS on www.customer.com now knows about the additional domains and paths it needs to protect.
- Telemetry Evaluation
- In the Shape Defense configuration for login.customer.com, add the protected endpoints under the Protected Endpoints section.
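
The following is an added example, not part of the original article or of Silverline's tooling: a Node.js pre-deployment check that takes the POST targets used by a page on www.customer.com and reports which ones are cross-origin without a matching entry, the case the article says is flagged "Token Missing". The `host/path` entry format, the prefix matching, and the pay.customer.com host are assumptions; the article does not show the real field.

```javascript
// Added example: audit cross-origin POST targets against the entry list.
// ASSUMPTION: entries look like "host/path", comma-separated; the article
// does not show the real field format, and prefix matching is assumed.

// Parse the comma-separated list. Entries that break the article's
// "no space after the comma" rule are reported and treated as invalid here.
function parseEntries(list) {
  const entries = [];
  const problems = [];
  for (const raw of list.split(",")) {
    if (raw === "") { problems.push("empty entry"); continue; }
    if (/\s/.test(raw)) { problems.push(`whitespace in entry "${raw}"`); continue; }
    const slash = raw.indexOf("/");
    entries.push({
      host: (slash === -1 ? raw : raw.slice(0, slash)).toLowerCase(),
      path: slash === -1 ? "/" : raw.slice(slash),
    });
  }
  return { entries, problems };
}

// Classify each POST target as same-origin, configured cross-origin,
// or unconfigured cross-origin (no telemetry would reach that domain).
function auditPostTargets(pageUrl, postTargets, list) {
  const page = new URL(pageUrl);
  const { entries, problems } = parseEntries(list);
  const results = postTargets.map((target) => {
    const url = new URL(target, page); // resolves relative form actions
    if (url.origin === page.origin) return { target: url.href, status: "same-origin" };
    const covered = entries.some(
      (e) => e.host === url.hostname && url.pathname.startsWith(e.path)
    );
    return { target: url.href, status: covered ? "configured" : "unconfigured" };
  });
  return { results, problems };
}

// Constructed sample input using the article's hostnames; pay.customer.com
// is hypothetical. The space after the comma invalidates the second entry.
const SAMPLE = auditPostTargets(
  "https://www.customer.com/",
  ["/search", "https://login.customer.com/login", "https://pay.customer.com/checkout"],
  "login.customer.com/login, pay.customer.com/checkout"
);
console.log(JSON.stringify(SAMPLE, null, 2));
```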