735 views

Description

When attaching files using the HTML editors, users get prompted for authentication with a login prompt because the attachment mechanism uses an internal call using Jquery, javascript library, that calls for authentication. However, the required X-UserToken is not sent by default with jQuery, which prompts for credentials.

Adding image attachments to a KB article in pre-Jakarta causes an authentication prompt to come up, even when the user is logged in and has a valid session. Clicking Cancel on this login prompt allows the attachment to be attached successfully.

 

Steps to Reproduce

  1. Navigate to Content Management, Static HTML, select the Thank you record.
    For example, <instance>/content_block_static.do?sys_id=9043d03b0a0a0bf00160c5a2b2e7ae67
  2. On the Editor, click on the insert/edit image icon. Select Type = Attachment.
  3. Select Choose File and Attach.
  4. The Authentication Required displays



Workaround

If cancelling, reopen the dialog to see the image on the list. If entering the login information, the message does not appear any more during that session.

Alternatively, attach the images or attachments on the form itself instead of by the HTML editor, then on the editor, select the image from the list. There is no need to use the attachment feature. 

X-UserToken not sent by default with jQuery - users receive login/authentication prompt when trying to attach files.

Script is already public here:
https://community.servicenow.com/thread/269549

Advanced workaround:

Create the following UI Script:

Name: PRB716923 Workaround
Global: True
Script: 

/**
* Configure ServiceNow-bound AJAX requests from jQuery to add UserToken if needed
*/
(typeof jQuery !== "undefined") && (function(b) {
    function setToken() {
	// Make sure cross domain requests do not send a user token
        b.ajaxPrefilter && b.ajaxPrefilter(function(a) {
            a.crossDomain || (a.headers || (a.headers = {}), a.headers["X-UserToken"] = window.g_ck || "token_intentionally_left_blank")
        })
    }
    b && (setToken(), CustomEvent.observe("ck_updated", setToken))
})(jQuery);

 

Original script ****

Create the following UI Script:

Name: PRB716923 Workaround
Global: True
Script: 

 

/**
 * Configure ServiceNow-bound AJAX requests from jQuery to add UserToken if needed
 */
(function($) {
  
    if (!$) return;
    setToken();
    CustomEvent.observe("ck_updated", setToken);

    function setToken() {
        // Make sure cross domain requests do not send a user token
        $.ajaxPrefilter(function(options) {
            if (!options.crossDomain) {
                if (!options.headers) options.headers = {};
                // if token value is not present, spoof a token to avoid basic auth challenge
                var token = window.g_ck || "token_intentionally_left_blank";
                options.headers["X-UserToken"] = token
            }
        })
    }
})(jQuery);

Related Problem: PRB716923

Seen In

There is no data to report.

Fixed In

Jakarta

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2018-06-12 01:38:09
Published:2018-05-09