cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The PTC Community email address has changed to community-mailer@ptc.com. Learn more.

Removing the ability to disable Filter Content-Type

Walter_Haydock
7-Bedrock
7-Bedrock
‎Dec 21, 2020 03:00 PM
‎Dec 21, 2020 03:00 PM

Removing the ability to disable Filter Content-Type

Hi everyone,

 

Following up on something that we noted in our documentation a while back, we are planning to deprecate the ability to disable the Filter Content-Type option in the Platform Subsystem.

 

Although enabling this setting is the default in ThingWorx, and doing so is strongly recommended to prevent cross-site request forgery (CSRF) attacks, it is still possible to disable it. We allowed for this option because of concerns about backwards compatibility, but now that several major versions have passed we are planning to make the default setting mandatory in a future release of ThingWorx (likely by the end of calendar year 2021). Removing the ability to disable Filter Content-Type will further enhance the security of the ThingWorx platform.

 

Please chime in on this post of you have any concerns.

 

Best,


Walter Haydock

ThingWorx Product Management

0 Kudos
Notify Moderator
4 REPLIES 4
PaiChung
22-Sapphire I
22-Sapphire I
(To:Walter_Haydock)
‎Dec 22, 2020 09:24 AM
‎Dec 22, 2020 09:24 AM

Is there an article anywhere that explains the typical use cases that would be impacted by this?

Thanks!

0 Kudos
Notify Moderator
Walter_Haydock
7-Bedrock
7-Bedrock
(To:PaiChung)
‎Dec 22, 2020 09:44 AM
‎Dec 22, 2020 09:44 AM

Hi! I would recommend taking a look at this section of the Help Center for more information.

0 Kudos
Notify Moderator
abhiramk
11-Garnet
11-Garnet
(To:Walter_Haydock)
‎Mar 29, 2021 06:29 AM
‎Mar 29, 2021 06:29 AM

From which version, it's going to be disabled? 

We are using custom UI to interacting with Thingworx(backend) which will create issues in the application if content type filter is enabled. If so, will there be any work around to handle this? Thanks

0 Kudos
Notify Moderator
Walter_Haydock
7-Bedrock
7-Bedrock
(To:abhiramk)
‎Mar 29, 2021 04:23 PM
‎Mar 29, 2021 04:23 PM

Our plan is to make this change in (what will likely be) ThingWorx 9.3. We aren't planning a workaround, as disabling Filter Content-Type is not generally considered a security best practice.

0 Kudos
Notify Moderator