Valid package name
Thursday, June 11, 2020 at 07:22amFor over a year I have been creating packages using a JSON string as the package name (something like "{ApplicationId: 1033}"). I do this because the package name comes through in the event callback notification, and I can easily deserialize the package name and extract some information that is useful to our business practice. Anyway, this is still working in Production, but when testing something in our Sandbox yesterday, I got the error:
[EslServerException: The remote server returned an error: (400) Bad Request. HTTP POST on URI https://sandbox.esignlive.com/api/packages. Optional details: {"technical":"Failed to deserialize json string to target type com.silanis.esl.api.model.Package","messageKey":"error.validation.invalidJson","message":"Invalid JSON.","code":400,"name":"Validation Error"}]
After some troubleshooting, I realized that using braces/curly brackets in the package name seemed to be the problem. If I don't use braces in the package name, the package is created without error. In addition, when I try to view the dashboard or the transaction page in the web ui, I get an error ("Something went wrong and your request could not be completed. Please try again."). I'm wondering if if can't load my transactions because they all have suddenly invalid package names? This only happens in Sandbox, not Production.
Are braces allowed in package names? If not, when did this change? Any other explanation for the above? Thanks.
Reply to: Valid package name
Thursday, June 11, 2020 at 01:00pmHi jerrade,
Thanks for reporting this to us! I can reproduce the issue on my end, seems that it only affects the 11.34 version.
I've created a support ticket on your behalf and our support team will reproduce the issue and report this to R&D. We will reply back to you as long as there's any updates on the ticket.
Duo
Duo Liang OneSpan Evangelism and Partner Integrations Developer
Reply to: Valid package name
Sunday, June 14, 2020 at 07:54pmI received an email from someone on your support team informing me that version 11.34 is planned to be deployed to production on Jun 16th. I can adjust our process to not use braces in the package name, but we have thousands of existing packages that do have braces in the package name, and version 11.34 apparently makes them inaccessible via the web UI. Is this a bug, or was it an intentional change? It sounds to me like the release should be delayed until this issue is resolved.
Reply to: Valid package name
Monday, June 15, 2020 at 09:56amUpon further testing, we are also unable to retrieve existing packages via the api, or generate functioning signing urls via the SDK. Essentially, this is a breaking change for us.
Reply to: Valid package name
Tuesday, June 16, 2020 at 10:07amHi Jerrade,
I believe our support team has replied back to you per this issue: Not allowing transaction name to include curly brackets is a new restriction, as part of the XSS protection. However, it shouldn't affect existing packages. We are informed by R&D team that this code changes won't be pushed to US2 production environment until it's more properly implemented. Again, thanks for bringing it up to us!
Duo
Duo Liang OneSpan Evangelism and Partner Integrations Developer