When unauthenticated users try to submit a public catalog item in Service Portal, a 400 Bad Request error occurs and they are unable to submit. This issue is due to AngularProcessor authentication restrictions.
Steps to Reproduce
Open any catalog item, for example an iPhone 6S [ /sp?id=sc_cat_item&sys_id=d0b15e33d7033100a9ad1e173e24d49e ].
For more information, see the product documentation topic Service catalog items.
- Make the item public.
Go to the Service Portal page (sc_cat_item) and make this page public.
Make any widgets associated with the sc_cat_item page public as well.
Open the item in an incognito window [ /sp?id=sc_cat_item&sys_id=d0b15e33d7033100a9ad1e173e24d49e ].
Note that although the catalog Item is public, it will not allow you to submit the item.
What needs to be done :
- Catalog Item Service Portal Page(sc_cat_item) must be made public.
- SC Catalog Item Widget must be made public.
- Catalog Checkout Widget must be made public ( For the case of two step checkout).
- SC Order Status page and the Order Status widget must be made public.
Most of the Service Catalog Service Portal widgets make use of REST API.
These REST APIs are configured to require authentication and because of this when these are triggered by a public user, they throw a 403 Unauthorized error.
All the REST APIs, used on the above mentioned pages
- Buy Item
- Submit Producer
- Validate Regex (In case the item consists of a variable which requires Regex Validation).
must be configured to function without any Authentication by unchecking the requires authentication field in the REST API configuration.
Related Problem: PRB854474