APAR status
Closed as documentation error.
Error description
In "Security-hardening properties" ( https://www.ibm.com/support/knowledgecenter/en/SS8JB4/com.ibm.wb pm.imuc.doc/topics/rsec_harden_properties.html ), the description for the Security.CsrfProtectionRefererWhitelist security hardening property is misleading: "The value of this property must be a comma-separated list of host names (or domain names) that are valid values for the Referer header field. By restricting values to host names and domain names that serve user interfaces for Business Automation Workflow, you can mitigate CSRF." The term "domain name" means the fully qualified host name including the domain. However, you might interpret it as the domain part of the host name. For example, if the full host name is "myserver.domain.com", you might incorrectly think it is sufficient to configure just "domain.com" as the value for the property.
Local fix
n/a
Problem summary
No additional information is available.
Problem conclusion
The content will be updated the next time the documentation is refreshed.
Temporary fix
Comments
APAR Information
APAR number
JR61821
Reported component name
BUS AUTO WORKFL
Reported component ID
5737H4100
Reported release
J00
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-12-13
Closed date
2020-03-11
Last modified date
2020-03-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"19.0.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
27 March 2020