Removing the ability to disable Filter Content-Typ...

Walter_Haydock · ‎12-21-2020

Hi everyone,

Following up on something that we noted in our documentation a while back, we are planning to deprecate the ability to disable the Filter Content-Type option in the Platform Subsystem.

Although enabling this setting is the default in ThingWorx, and doing so is strongly recommended to prevent cross-site request forgery (CSRF) attacks, it is still possible to disable it. We allowed for this option because of concerns about backwards compatibility, but now that several major versions have passed we are planning to make the default setting mandatory in a future release of ThingWorx (likely by the end of calendar year 2021). Removing the ability to disable Filter Content-Type will further enhance the security of the ThingWorx platform.

Please chime in on this post of you have any concerns.

Best,

Walter Haydock

ThingWorx Product Management

PaiChung · ‎12-22-2020

Is there an article anywhere that explains the typical use cases that would be impacted by this?

Thanks!

Walter_Haydock · ‎12-22-2020

Hi! I would recommend taking a look at this section of the Help Center for more information.

Removing the ability to disable Filter Content-Type

Removing the ability to disable Filter Content-Type

Re: Removing the ability to disable Filter Content-Type

Re: Removing the ability to disable Filter Content-Type