- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2023 11:57 AM
Hi Everyone,
While working on instance security center to improve our compliance score, one of our high recommendations is the glide.security.url.whitelist" property.
Do we need do use "glide.security.url.whitelist" property and if so what should the values be?
Has anyone experience issues aftewards reported in the following kb https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0831476
Thanks so much for all your feedback
Gemma
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2023 02:38 PM
Got it so in the prod instance the preserver would be set like the attached, correct, so it wouldn't overwrite what is in each instance?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2023 02:47 PM
@Gemma4 , yes - correct!
If my answer has helped with your question, please mark it as helpul and accepted solution.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2023 12:20 PM - edited 04-27-2023 12:21 PM
Hi @Gemma4 ,
Security is compromised when a vulnerable web page is redirected to a malicious page, this property helps to implement a safe redirection during login,logout or other redirections.
The property value should be a Fully Qualified Domain Name(s), example: https://www.servicenow.com
If you have external authentication in place, this propery value should not be left blank, it should contain the Identity Provider's host name - if left blank, the login requests may generate an infinite loop between servicenow and the identity provider.
If my answer has helped with your question, please mark it as correct and accepted solution.
Thanks,
Karan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2023 01:24 PM
Thank you so much for the feedback, that is very helpful. Just to clarify, our users use the following address to reach ServiceNow https://companyname.service-now.com/navpage.do so is the following the correct property value https://companyname.service-now.com
Also, how did you verify testing for this, just curious if you performed any unique test cases?
Thanks
Gemma
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2023 01:42 PM
@Gemma4 , yes the value is correct
I'm not sure on the testing part, need to check
If my answer has helped with your question, please mark it as helpul and accepted solution.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2023 01:51 PM
Thank you, I suppose I can test out functionality in my pdi before going forward with this. Did you configure any of your clone settings so this setting isn't wiped out from a clone? For example a clone from prod to dev should not copy the prod url to dev since the url's will be different. Last question, I promise 😀
