umbraco forms qualys scan formid theme editable - Using Umbraco and getting started

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

lori ryan 239 posts 573 karma points

Feb 02, 2021 @ 17:38

Umbraco forms Qualys scan - formId, Theme verbose errors

Umbraco forms The qualys security scan is appending items to the formId and theme on the umbraco forms causing verbose errors.

Although I have a custom 500 page there its able to get through to the YSOD.

Is there any way to 1) Stop the formId and Theme from being editable (Ive tried editing the render and making them disabled but that stops the form working)

2) Clean these fields on submit

My 500 page is set up as follows

  <system.web>
<customErrors mode="Off" redirectMode="ResponseRewrite" defaultRedirect="~/500.aspx">
    <error statusCode="400" redirect="~/400.aspx"/>
    <error statusCode="404" redirect="~/404.aspx"/>
    <error statusCode="500" redirect="~/500.aspx"/>
</customErrors>

   System.webServer
          <httpErrors errorMode="Custom" existingResponse="Replace" > 
              <remove statusCode="404" subStatusCode="-1" />
                 <remove statusCode="500" subStatusCode="-1" />
                <error statusCode="404" path="404.html" responseMode="ExecuteURL"/>

                <error statusCode="500" path="500.html" responseMode="File"/>
        </httpErrors>

  <location path="media">
        <system.webServer>
            <httpErrors errorMode="Custom" existingResponse="Replace">
                <remove statusCode="404"/>
                <error statusCode="404" path="404.html" responseMode="File"/>
            </httpErrors>
        </system.webServer>
    </location>

Copy Link

lori ryan 239 posts 573 karma points

Jun 24, 2021 @ 11:31

0

guys just wondeirng if anyone else came across this

Copy Link
is working on a reply...

Please Sign in or register to post replies