2483408 - Warning message "OWASP CSRFGuard java script was included from within an unauthorized domain!" while launching course.

SAP Knowledge Base Article - Public

2483408 - Warning message "OWASP CSRFGuard java script was included from within an unauthorized domain!" while launching course.

Symptom

While launching inhouse content through VPN we are receiving the below warning message.

Capture.JPG

Environment

Learning Management System

Successfactors Learning

LMS

Reproducing the Issue

Launch an inhouse (Hosted in your own content server which uses cross domain proxlet) content through VPN

Cause

This is an issue with VPN rewriting URL's. Our LMS application protects against cross domain.

Resolution

 If you don't want to see this popup, you have to disable CSRF Guard on their instance. This can be done by doing the following.


Go into
System Admin -> Configuration -> System Configuration -> CSRF_GUARD

Change the following to false
enableCSRFGuard=false

Note: But we highly recommend not to change this to false and just get used to the warning message since the configuration gives more security in cross domain content platform.

Keywords

OWASP CSRFGuard java script was included from within an unauthorized domain!
CSRFGuard
enableCSRFGuard , KBA , LOD-SF-LMS-CNT , Content , Problem

Product

SAP SuccessFactors Learning all versions