

Disable cross-site scripting protection for the Management Center

When enabled, cross-site scripting protection rejects any user requests that contain attributes (parameters) or strings that are designated as not allowable. You can also exclude commands from cross-site scripting protection by allowing the values of specified attributes for that particular command to contain prohibited strings. Cross-site scripting protection is enabled by default, but you can disable it to match your security needs.


Procedure

  1. Open the following file:

    • LOBTools.war/WEB-INF/web.xml

    • LOBTools/WEB-INF/web.xml

    See Management Center Web application file locations for more information.

  2. Search for and remove the following snippet:

    <param-name>com.ibm.commerce.security.crosssitescriptingprovider</param-name>
    <param-value>com.ibm.commerce.foundation.internal.client.security.impl.ClassicCommerceCrossSiteScriptingProviderImpl</param-value>
    

  3. Save the changes and close the file.

  4. Deploy your changes.
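To confirm which state a given web.xml is in after the procedure, or to audit deployments where the protection is expected to remain enabled, the following added example (not part of the original documentation or the product) checks for the provider parameter. The function names, the `<context-param>` wrapper and both sample documents are constructed assumptions; only the parameter name and class name come from the snippet above.

```python
import sys
import xml.etree.ElementTree as ET

XSS_PARAM = "com.ibm.commerce.security.crosssitescriptingprovider"

# Constructed sample: snippet present (the <context-param> wrapper is assumed).
SAMPLE_ENABLED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <context-param>
    <param-name>com.ibm.commerce.security.crosssitescriptingprovider</param-name>
    <param-value>com.ibm.commerce.foundation.internal.client.security.impl.
    ClassicCommerceCrossSiteScriptingProviderImpl</param-value>
  </context-param>
</web-app>"""
# Constructed sample: snippet removed as in step 2.
SAMPLE_REMOVED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <display-name>LOBTools</display-name>
</web-app>"""


def _local(tag):
    """Strip the XML namespace: '{uri}param-name' -> 'param-name'."""
    return tag.rsplit("}", 1)[-1]


def find_xss_provider(web_xml):
    """Return provider class names configured for XSS_PARAM ([] if absent)."""
    root = ET.fromstring(web_xml)
    providers = []
    for parent in root.iter():
        children = {_local(c.tag): (c.text or "") for c in parent}
        if children.get("param-name", "").strip() == XSS_PARAM:
            # Remove whitespace in case the long class name was wrapped.
            providers.append("".join(children.get("param-value", "").split()))
    return providers


def audit(web_xml):
    """'enabled' if the provider is set, 'disabled' if removed, else 'review'."""
    providers = find_xss_provider(web_xml)
    if not providers:
        return "disabled"
    return "enabled" if all(providers) else "review"


if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. the two web.xml locations from step 1
        with open(path, "rb") as fh:
            print(path, audit(fh.read()))
```
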

