Enforce relative links (instance security hardening)
Use the glide.cms.catalog_uri_relative property to enforce relative links from the URI parameter on /ess/catalog.do.
- When set to true, only relative URLs are permitted through the /ess/catalog.do page using the uri parameter. When set to false, all URLs are permitted, which may permit linking to external unauthorized content.
More information
| Attribute | Description |
|---|---|
| Property name | glide.cms.catalog_uri_relative |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | To restrict attempts to link external unauthorized content. |
| Recommended value | true |
| Functional Impact | This remediation enforces validation on the Catalog page so that only relative URLs are permitted. Existing links to external web applications become broken. |
| Security risk | (High) Absolute URLs can pose a security risk when used as part of a parameter or field value, because they can redirect the source page to an adversary-controlled website. |
To learn more about adding or creating a system property, see Add a system property.
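
Because enabling the property breaks existing links to external web applications, the following added example (not ServiceNow code) audits a list of links for /ess/catalog.do uri values that are not relative, so they can be reviewed before the change. The host instance.example, the sample links and the function names are constructed, and the definition of "relative" used here is an assumption; the platform's own validation rules may differ.

```javascript
// Added example: pre-change audit for glide.cms.catalog_uri_relative = true.
// Assumption: "relative" means the value resolves to the instance's own origin;
// the platform's actual validation rules are not documented on this page.
const BASE = 'https://instance.example'; // constructed placeholder host

// True only when `uri` cannot leave the BASE origin.
function isRelativeUri(uri) {
  if (typeof uri !== 'string' || uri === '') return false;
  // Browsers rewrite backslashes and drop control characters, so reject both.
  if (/[\u0000-\u001f\u007f\\]/.test(uri)) return false;
  // Explicit scheme (https:, javascript:, ...) or protocol-relative //host.
  if (/^\s*[a-z][a-z0-9+.-]*:/i.test(uri) || /^\s*\/\//.test(uri)) return false;
  try {
    return new URL(uri, BASE).origin === BASE; // backstop: resolve and compare
  } catch {
    return false;
  }
}

// Returns the /ess/catalog.do links whose uri value would no longer be accepted.
function findLinksThatWillBreak(hrefs) {
  const flagged = [];
  for (const href of hrefs) {
    let url;
    try { url = new URL(href, BASE); } catch { continue; }
    if (url.pathname !== '/ess/catalog.do') continue;
    const uri = url.searchParams.get('uri');
    if (uri !== null && !isRelativeUri(uri)) flagged.push({ href, uri });
  }
  return flagged;
}

// Constructed sample links, e.g. exported from portal content before the change.
const SAMPLE_LINKS = [
  '/ess/catalog.do?uri=catalog_home.do',
  '/ess/catalog.do?uri=https%3A%2F%2Fpartner.example%2Fform',
  '/ess/catalog.do?uri=%2F%2Fpartner.example%2Fform',
  '/ess/other.do?uri=https%3A%2F%2Fpartner.example%2F', // different page, ignored
];

for (const { href, uri } of findLinksThatWillBreak(SAMPLE_LINKS)) {
  console.log(`will break: ${href} (uri=${uri})`);
}
```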