http://127.0.0.1/Integrics/Enswitch/API appears in request to ECT_Provider
Question

Hi OutSystems community,

We have observed that the client's browser is sending a request to the ECT_Provider, which functions as the feedback module. Despite disabling feedback for this specific reactive web application through the feedback management application, the requests continue. 


Two questions:

1. Is it possible to completely prevent the reactive web application from sending this request?

2. What function does the endpoint "127.0.0.1/Integrics/Enswitch/API" serve? Our security team is concerned that it may pose a vulnerability.


Regards,

George

2019-01-07 16-04-16
Siya
 
MVP

Please do check https://<<your environment>>/ECT_Provider/ws_ect.asmx and verify whether the GetModernECT signature has a reference to 127.0.0.1/Integrics/Enswitch/API. If it is present, then you need to investigate your OutSystems server for any vulnerabilities. I have checked multiple installations, but none has a reference to 127.0.0.1/Integrics/Enswitch/API.

Coming back to the client side, do check if there is some software that's injecting this namespace into the payload. Also test on other devices outside your network to see if this is due to software installed locally on that particular device.

2021-07-21 12-04-07
George.Qiao

Hi @Siya, thanks for the help.

I tried to access the <<my env>>/ECT_Provider/ws_ect.asmx?op=GetModernECT and can confirm there is NO place referencing 127.0.0.1/Integrics/Enswitch/API.

However, the SOAPAction is suspicious.


2019-01-07 16-04-16
Siya
 
MVP

The URL "http://ECT_Provider/WS_ECT/GetModernECT" is correct and the server side is functioning normally. You now need to check the client side to determine what is injecting the additional namespace.

2021-07-21 12-04-07
George.Qiao

Hi @Siya

It seems OutSystems.UI JavaScript is adding this?

Also, this application is a public-facing reactive web app and therefore no user authentication is required.

2019-01-07 16-04-16
Siya
 
MVP

It's highly unlikely that this issue is caused by OutSystems.UI JavaScript. To verify, please try testing on a different network or machine to see if the behavior persists. Additionally, consider submitting a support ticket to OutSystems for further assistance, as they may have more information on this matter.
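
One way to carry out the client-side check suggested in this thread, as an added example that is not part of any post above and is not OutSystems code: it wraps `XMLHttpRequest` so that every request whose URL contains `ECT_Provider` is recorded with its headers, the XML namespaces declared in its payload, and a stack trace naming the script that sent it. It assumes the request is sent with `XMLHttpRequest`; `traceRequests`, `namespacesIn`, `FakeXhr` and the sample envelope are hypothetical names and constructed data.

```javascript
// Added diagnostic example. In a browser console, before reproducing the request:
//   traceRequests(XMLHttpRequest, "ECT_Provider", (window.ectLog = []))
function namespacesIn(body) {
  // Collect every xmlns / xmlns:prefix URI declared in the XML payload.
  const re = /xmlns(?::[\w.-]+)?\s*=\s*["']([^"']*)["']/g;
  return [...String(body).matchAll(re)].map((m) => m[1]);
}
function traceRequests(XhrCtor, needle, log) {
  const proto = XhrCtor.prototype;
  const orig = { open: proto.open, setRequestHeader: proto.setRequestHeader, send: proto.send };
  const meta = new WeakMap(); // per-request state kept off the XHR object
  proto.open = function (method, url, ...rest) {
    meta.set(this, { method, url: String(url), headers: {} });
    return orig.open.call(this, method, url, ...rest);
  };
  proto.setRequestHeader = function (name, value) {
    const m = meta.get(this);
    if (m) m.headers[String(name).toLowerCase()] = String(value);
    return orig.setRequestHeader.call(this, name, value);
  };
  proto.send = function (body) {
    const m = meta.get(this);
    if (m && m.url.includes(needle)) {
      log.push({
        ...m,
        namespaces: typeof body === "string" ? namespacesIn(body) : [],
        stack: new Error("request origin").stack, // frames name the calling script
      });
    }
    return orig.send.call(this, body);
  };
  return () => Object.assign(proto, orig); // call to uninstall the wrappers
}
// Constructed stand-in for XMLHttpRequest so the example also runs under Node.
class FakeXhr { open() {} setRequestHeader() {} send() {} }
function demo() {
  const log = [];
  const undo = traceRequests(FakeXhr, "ECT_Provider", log);
  const x = new FakeXhr();
  x.open("POST", "/ECT_Provider/ws_ect.asmx");
  x.setRequestHeader("SOAPAction", "http://ECT_Provider/WS_ECT/GetModernECT");
  // Constructed payload; the real envelope is not shown in the thread.
  x.send('<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"' +
         ' xmlns:n="http://127.0.0.1/Integrics/Enswitch/API"/>');
  const other = new FakeXhr();
  other.open("GET", "/app/data");
  other.send(); // unrelated request, must not be logged
  undo();
  return log;
}
```

If the recorded payload lacks a namespace that the network capture shows, the change is being made outside the page's own scripts.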
