ServiceNow Learning 93: Privacy on client-callable script includes

Shamma Negi
Kilo Sage

Hi All,

 

Today I learnt more about how we can put privacy on client-callable script includes.

 

  • By default, client-callable script includes that do not explicitly set visibility are public. If needed, add the glide.script.ccsi.ispublic property to enable privacy control over all client-callable script includes accessed by public pages.
  • When you add this property, you must set its value to false, which designates that all client-callable script includes are private, and changes their visibility in public pages.
    Note: You cannot add the property with a value of true, or change its value from false to true. If you attempt to do so, an error message appears.
  • If needed, you can change the privacy setting for an individual client-callable script include by adding the isPublic() function.
    • The isPublic() setting takes precedence over the glide.script.ccsi.ispublic property.
    • For example, if you set isPublic() to true in an individual script, it makes it public, which overrides the glide.script.ccsi.ispublic property that makes all other client-callable script includes private.

 

Attribute: Description
Property name: glide.script.ccsi.ispublic
Configuration type: System Properties (/sys_properties_list.do)
Configure in Instance Security Center: Yes
Purpose: Making client-callable script includes private means that guests who access public pages can't access the client-callable script include. A non-logged-in user can't execute a private script.
Recommended value: false
Functional impact: (High) If the client-callable script includes are designated as public (that is, this property is missing), then unauthenticated users can execute client scripts. Adding the property restricts the execution of scripts by a non-logged-in user.
Security risk: (High) If you do not add this property, client-side script includes circumvent ACLs, which may result in unintended public functionality. If the client script provides confidential information, it could have an adverse potential security risk.
Workaround:

Setting the glide.script.ccsi.ispublic property to false makes all client-callable script includes private.

You can change the privacy setting for an individual client-callable script include by adding the isPublic() function. The isPublic function takes precedence over the glide.script.ccsi.ispublic property. Add the following syntax to the script include:

isPublic: function() { return false; }, // return true instead to make this script include public

 

Hope it helps you.

I hope this article is helpful. Please mark it as helpful and bookmark it if you like it.

 

Regards,

Shamma

Regards,Shamma Negi
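
An added example, not from the original post or from ServiceNow: a stand-alone JavaScript (Node.js) audit helper that applies the precedence rule described above to a list of script includes and reports which ones a guest on a public page could still reach. The record shape, the sample names and the regex-based detection of isPublic() are assumptions made for illustration; it inspects exported script text and calls no platform API.

```javascript
// Constructed sample records (hypothetical names), shaped like rows exported
// from the script include table: name, client_callable flag, script body.
const sampleIncludes = [
  { name: "GuestFaqAjax", client_callable: true,
    script: "getFaq: function() { return 'faq'; },\nisPublic: function() { return true; }," },
  { name: "HrCaseAjax", client_callable: true,
    script: "getCase: function() { return 'case'; },\nisPublic: function() { return false; }," },
  { name: "LegacyLookupAjax", client_callable: true,
    script: "lookup: function() { return 'row'; }," },
  { name: "PastedTemplateAjax", client_callable: true,
    script: "run: function() { return 1; },\nisPublic:function(){return[true/false];}," },
  { name: "ServerOnlyUtil", client_callable: false,
    script: "helper: function() { return 2; }," },
];

// Matches an isPublic member and captures the expression it returns.
const IS_PUBLIC_RE = /isPublic\s*:\s*function\s*\(\s*\)\s*\{\s*return\s*([^;}]*?)\s*;?\s*\}/;

// propertyValue: "false" when glide.script.ccsi.ispublic has been added,
// or null when the property is missing from the instance.
function effectiveVisibility(include, propertyValue) {
  if (!include.client_callable) return "not-client-callable";
  const match = IS_PUBLIC_RE.exec(include.script);
  if (match) {
    // isPublic() takes precedence over the property.
    if (match[1] === "true") return "public";
    if (match[1] === "false") return "private";
    return "review"; // return value is not a plain true/false: check by hand
  }
  // No isPublic(): the property decides; when it is missing the default is public.
  return propertyValue === "false" ? "private" : "public";
}

// Lists the script includes a guest on a public page could still reach,
// plus those whose isPublic() needs a manual look.
function auditGuestExposure(includes, propertyValue) {
  const report = { public: [], review: [] };
  for (const inc of includes) {
    const v = effectiveVisibility(inc, propertyValue);
    if (v === "public" || v === "review") report[v].push(inc.name);
  }
  return report;
}

console.log("property missing:", auditGuestExposure(sampleIncludes, null));
console.log("property = false:", auditGuestExposure(sampleIncludes, "false"));
```

With the property set to false, only script includes whose own isPublic() returns true stay in the public list, which is the set worth reviewing for functionality that should not be exposed to guests.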
1 REPLY

sumanta pal
Kilo Guru


- Client-callable script includes are public by default.
- To control privacy, add the glide.script.ccsi.ispublic property and set its value to false. This makes all client-callable script includes private.
- You cannot add the property with a value of true or change its value from false to true.
- To change the privacy setting for an individual script, add the isPublic() function. This setting overrides the glide.script.ccsi.ispublic property.
- The property name is glide.script.ccsi.ispublic and it can be configured in Instance Security Center.
- Making client-callable script includes private prevents guests from accessing them on public pages.
- If the property is not added, client-side script includes can bypass ACLs, potentially leading to security risks.
- To make all client-callable script includes private, set the glide.script.ccsi.ispublic property to false.
- To change the privacy setting for an individual client-callable script include, add the isPublic() function with the syntax: isPublic:function(){return[true/false];},


nowKB.com