13
Views
7
Comments
Not able to call service action after enabling HSTS

Hi everyone,


     After devops team enabled HSTS yesterday, my application has not been able to call service action.

    The error is :The remote server returned an error: (403) Forbidden. 

     Anyone can provide a solution?


Regards,

Zhou Shuai

Rank: #156

Hi Zhou,


Have you applied the settings in Service Center (see in detail here)?



Hope it helps.


Cheers,

João

Rank: #156

Hi Zhou,


For transversal changes, like the one you are referring, to be effectively applied, you need to apply those settings per environment.

If you go to the Service Center of the environment you are testing and apply those settings (as mentioned on the documentation and screenshot above) they will then be applied and then the HSTS policy will be indeed in place. Until then these settings are pending.

As you can see in the documentation, Service Actions fall into Module Settings that need to be applied:



Hope it helps.

Cheers,

João

Rank: #156

Hi Zhou,


When you toggled the HSTS in LifeTime you think you activated it but instead you requested the activation it but it's not yet ON.


In order for the HSTS to be activated, you need to Apply settings in each environment.

So you need to go to each environment and:

a) Create a solution with everything and publish everything;

b) Create a solution with all eSpaces and apply settings.


To do this, on Service Center, you create a solution

Then, you add all the modules (use of *) like on the image below and press Associate:


And once you have them all, you pess the Apply Settings:

Once you do that, now all your modules will have the latest settings, including the HSTS you activated.


Hope now it is more clear.


Cheers,

João

mvp_badge
MVP
Rank: #76

Hi Zhou,

I'm not sure, but this could also be related to the same bug that was reported here.

Is your module associated with a Deployment Zone for which Use HTTPS for internal communications property is disabled? 

In this case, it could be that having HSTS enabled and HTTPS for internal communications disabled is resulting in the same bug. Service Actions are supposed to always accept http requests regardless of any configurations.

I will report this one to OutSystems too, so they can analyze it further.

Regards,

Nordin