This article is based on the ServiceNow support article. See the original article on the ServiceNow support site: ServiceNow HI: Allow JavaScript tags in Embedded HTML.
Requires authorization for incoming CSV requests.
| CSV Request Authorization | |
|---|---|
| Property Name | glide.basicauth.required.csv |
| Configuration Type | System Properties (/sys_properties_list.do) |
| Purpose | To enforce CSV Authorization. |
| Requirement | Recommended |
| Recommended Value | True |
| Default Behavior | Set to true |
| Revertible behavior | N/A |
| Role required | Security_admin |
| Release Version | Spring 2009 |
| Functional Impact | (Low) This remediation would enforce the combination of authentication in the form of Basic auth and system level access control while retrieving data from tables/pages in the form of CSV data on the instance. If there are guest users currently accessing this data, they will be restricted, and customer will have to create a new account for the user who needs access to this content with necessary access control permissions, if applicable. For more info please visit the following product documentation page: CSV Web Service. |
| Security Risk | (Medium) Without appropriate authorization configured on the incoming CSV requests, an unauthorized user can get access to sensitive content/data on the target instance. |
| Workaround | No alternate method available. |
| References | Web Services Security |
How to configure #
- Navigate to /sys_properties_list.do.
- Search for the property.
- Assign the recommended value as shown in the screenshot > Click Update.
