Smartdocs is adding additional header Referer to the request


When a delete transaction is sent out from Developer portal smart docs, we are getting an issue.

If we send the request from Postman, we don’t have any issue.

When a request is sent from the developer portal, the Referer header contains %7Breferenc%7D.

As per some of our policies to avoid SQL injection and other security issues, % is not allowed as part of the header.

Is there a way to remove the % from the URL path or from the body which is sent to the Edge API?

Is there a way to disable the referer header from the request?

One option is to have a policy which will remove the "referer" header before the "Regular Expression Protection", but all the requests will have to execute this policy.

As the request is generated from Smartdocs, I am looking for a way.


Hi @Pradeep Ande

Can you share the Open API (Swagger) spec that was imported to the dev portal? I would like to take a look at it and see if I can reproduce it.

@Pradeep Ande ,

Thank you for highlighting this issue. I did some research and I am able to reproduce the same. It's due to the badly formed smartdocs developer portal URL that has been taken as the Referer value while making the smartdocs API call.

For example, take a look at this smartdocs URL: http://dev-4mv4d.devportal.apigee.com/petstore/apis/delete/user/%7Busername%7D

It's due to the smartdocs content type URL pattern setting; %7B & %7D refer to the { & } HTML encoded characters. By this time you might have guessed the root cause.

The default pattern for the smartdocs URL is:

[node:field-smart-method-model:name]/apis/[node:field-smart-method-verb:name]/[node:field-smart-method-resource-path]

That means if the resource path is a dynamic parameter like /v2/user/{username}, then the URL will contain encoded characters like above. To fix the above issue, you can update the URL pattern to something like below in the "admin/config/search/path/patterns" page as Developer Portal administrator:

[node:field-smart-method-model:name]/apis/[node:title]

Once you save the settings, either re-render the smartdocs or generate the URL by editing the smartdocs node using the "URL path settings" at the bottom.

Hope it helps. Keep us posted if any.
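
The following is an added illustration, not part of the original replies or Apigee's own code: it renders both URL patterns quoted above for a constructed DELETE /user/{username} method, serializes the page URL the way a browser does for the Referer header, and applies a header rule that rejects any `%`. The node title, the `slug` cleaning step and the `headerRuleAllows` rule are assumptions standing in for the portal's alias cleaning and the poster's policy.

```javascript
// Patterns as quoted in the thread.
const DEFAULT_PATTERN =
  "[node:field-smart-method-model:name]/apis/[node:field-smart-method-verb:name]/[node:field-smart-method-resource-path]";
const TITLE_PATTERN = "[node:field-smart-method-model:name]/apis/[node:title]";

// Constructed sample node for DELETE /user/{username} in the petstore model.
const sampleNode = {
  "node:field-smart-method-model:name": "petstore",
  "node:field-smart-method-verb:name": "delete",
  "node:field-smart-method-resource-path": "user/{username}",
  "node:title": "Delete user", // assumed title
};

// Assumption: simplified stand-in for the portal's cleaning of a title into an alias.
function slug(text) {
  return text.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
}

// Substitute each [token] in the pattern with the node's value.
function renderAlias(pattern, node) {
  return pattern.replace(/\[([^\]]+)\]/g, (_, token) => {
    if (!(token in node)) throw new Error("unknown token: " + token);
    return token === "node:title" ? slug(node[token]) : node[token];
  });
}

// The Referer is the page URL as the browser serializes it;
// the URL parser percent-encodes { and } in the path.
function refererFor(portalBase, alias) {
  return new URL(alias, portalBase).href;
}

// Hypothetical header rule modelled on "% is not allowed as part of the header".
function headerRuleAllows(value) {
  return !value.includes("%");
}

function check(pattern) {
  const alias = renderAlias(pattern, sampleNode);
  const referer = refererFor("http://dev-4mv4d.devportal.apigee.com/", alias);
  return { referer, allowed: headerRuleAllows(referer) };
}

console.log(check(DEFAULT_PATTERN)); // braces in the path become %7B / %7D
console.log(check(TITLE_PATTERN));   // title-based alias carries no encoded characters
```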