Skip to main content
A
atondorf14-Alexandrite
14-Alexandrite
November 6, 2020
Question

Thingworx and current Chrome flooding the Application log

  • November 6, 2020
  • 1 reply
  • 7404 views

Hi Everybody,

 

I have an issue with thingworx and the current chrome version. I get a lot or Errors in Application Log:

Error occurred while validating HTTP header: sec-ch-ua. HTTP header value: sec-ch-ua: Invalid input. Please conform to regex ^[0-9a-zA-Z()\-=\*\.\?;,+\/:&_ %$ ยก-￿'"]*$ with a maximum length of 2000 

So i did following steps:

  • Check where Thingworx stores the regex and just changed the order a little bit to [0-9a-zA-Z ...
    So I was able to be sure which Rexeg Thingworx uses for the sec-ch-ua header.
    It is in file ThingworxStorage\esapi\validation.properties:
    Validator.HTTPHeaderValue=^[0-9a-zA-Z()\\-=\\*\\.\\?;,+\\/:&_ %\$ \u00A1-\uFFFF'"]*$
  • Check the content of the sec-ch-us of Chrome. It's: 
    "Chromium";v="86", "\"Not\\A;Brand";v="99", "Google Chrome";v="86"
  • Ok there is an issue with the string of chrome! The backslaches are not allowed by the regex ... 
  • So I tried to adopt the Regex and add support for '\' but even with an all allowing Regex "^.*$" I get Error:
    • "Error occurred while validating HTTP header: sec-ch-ua. Input validation failur"
    • So the error does not display the regex anymore, but still present!

Anyone has an idea?

 

 

 

1 reply

S
slangleyCommunity Manager
Community Manager
November 6, 2020

Hi @atondorf.

 

Which version of ThingWorx are you running?  Have you recently upgraded the environment?  If so did you remove validation.properties so it gets recreated under the new version?

 

If you've made any modifications to validation.properties, you'll need to save the original in order to merge your changes back in after the file is recreated. 

 

You also may need to double escape the backslash: \\\\\

 

Please let us know if you continue to have issues.

 

Regards.

 

--Sharon

A
atondorf14-AlexandriteAuthor
14-Alexandrite
November 9, 2020

Hi,

 

I have this behaviour on TWX 8.4. We also have a 9.0 instance for testing. But for some reason Chrome does not send the sec-ch-ua header to this instance (Maybe because it's not https).

So i tried it now with several approaches to add the '\' support to the Regex:

- Original RexEx String:

^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %\$ \u00A1-\uFFFF'"]*$:      Get the error " Please conform to regex ... "

- Modified with '\' Support. I tried it with 3-6 of the '\' in the string. Always with the same result:

^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %\$ \u00A1-\uFFFF'"\\\]*$    Get the error " Input validation failure"

 

Is it possible to add an special Regex to handle the sec-ch-ua Header?

So e.g.: Validator.HTTPHeaderValue_sec-ch-ua=^.*$

I tried it with this string, but seems to be ignored by system as nothing changed.

 

Greetings

 

Andreas

 

 

Terms & ConditionsCookie settingsAccessibility statement