
OFSC Plugins - Disabling Client-Side Debug Function in Production Environments

Hi Team,

We have identified the presence of a client-side debug function, setOfscDebugModes(), in the OFSCPlugin, which can be invoked directly from the browser console. When enabled, this function exposes information about the stages of initialization and all post messages between the OFSC Application and the plugin.

During our testing, we observed that this debug mode displays information that includes masked secure parameters in clear text, and also exposes authentication tokens obtained via callProcedure methods. From a security standpoint, this presents a significant risk in production and other client-facing environments, as these details could potentially be accessed by any user with browser console access.
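
One way to mitigate the exposure described in the post above, as an added example that is not part of the original post or of the OFSC plugin code: a debug logger that is a no-op in production and redacts sensitive fields from post messages before they reach the console. The key-name patterns, the message shape, the `production` flag and the function names are assumptions for illustration.

```javascript
// Added example: key names and message shape are assumptions, not the OFSC message schema.
const SENSITIVE_KEY = /token|secret|password|secur|authorization|api[-_]?key/i;
// Compact JWT shape (three base64url segments) or a "Bearer <value>" string.
const TOKEN_VALUE = /^(Bearer\s+\S+|[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,})$/;

// Returns a redacted deep copy; the original message object is never modified.
function redactForLog(value, seen = new WeakSet()) {
  if (typeof value === 'string') {
    return TOKEN_VALUE.test(value) ? '[REDACTED]' : value;
  }
  if (value === null || typeof value !== 'object') return value;
  // Guard against cycles (also collapses repeated references to one object).
  if (seen.has(value)) return '[Repeated reference]';
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redactForLog(v, seen));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    // Redact the whole subtree under a sensitive key, not just string leaves.
    out[key] = SENSITIVE_KEY.test(key) ? '[REDACTED]' : redactForLog(v, seen);
  }
  return out;
}

// Returns a logger that does nothing when production is true.
function makeDebugLogger({ production, sink }) {
  if (production) return () => {};
  return (direction, message) => sink(direction, redactForLog(message));
}

// Constructed sample message (not captured from a real plugin session).
const sampleMessage = {
  method: 'callProcedure',
  resultData: { token: 'constructed-value-123', expiresIn: 3600 },
  securedData: { apiPassword: 'constructed-password' },
  note: 'Bearer constructed.value',
  activity: { aid: 42, status: 'started' },
};
```

In a browser, `sink` would typically be `console.debug`, and the `production` flag should come from the build configuration rather than from anything a user can toggle in the console.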
