Discussions
Banning SuiteScript functions for making HTTP(s) requests in an unauthenticated client-side context
This notice is intended for customers who are using SuiteScript functions for making outbound HTTP(s) requests in an unauthenticated client-side context. Affected users must hide such requests behind a suitelet, available without login.
What is Changing?
Effective March 13, 2023, the usage of the following SuiteScript functions will be forbidden in an unauthenticated client-side context:
- SuiteScript 1
- nlapirequestURL()
- SuiteScript 2
- N/http: request(), get(), post(), put(), delete()
- N/https: request(), get(), post(), put(), delete()
The only exception is inbound (same domain) requests.
Recommended Actions
Identify which scripts are affected. This involves checking suitelets available without login and their dependencies (particularly client scripts). Look for the usages of the affected functions there.
Regards,
@Robert Nedelkow-Oracle | NetSuite Support Community Administrator
Earn Community badges now! Refer a Member | Answer Accepter