Genesys Cloud - Main

  • 1.  How is domain restriction enforced for things like messenger deployments?

    Posted 03-09-2023 14:24

    Hi everybody

    Can anybody tell me how exactly domain restriction is enforced when setting something like a messenger deployment to only be accessible from certain domains?  Does it look for something in the headers or something else more intelligent?


    #ArchitectureandDesign
    #Security

    ------------------------------
    Vaun McCarthy
    ------------------------------


  • 2.  RE: How is domain restriction enforced for things like messenger deployments?

    GENESYS
    Posted 03-09-2023 15:50

    Hi Vaun - the backend check happens based on the Origin header from the incoming HTTP request.



    ------------------------------
    Angelo Cicchitto
    Genesys - Employees
    ------------------------------



  • 3.  RE: How is domain restriction enforced for things like messenger deployments?

    Posted 03-09-2023 16:14

    Thanks Angelo, so someone could theoretically spoof that header to bypass the domain restriction?



    ------------------------------
    Vaun McCarthy
    ------------------------------



  • 4.  RE: How is domain restriction enforced for things like messenger deployments?

    GENESYS
    Posted 03-09-2023 16:49

    Browsers do not allow JavaScript to manipulate or tamper with that header; access is forbidden.



    ------------------------------
    Angelo Cicchitto
    Genesys - Employees
    ------------------------------



  • 5.  RE: How is domain restriction enforced for things like messenger deployments?

    Posted 03-09-2023 16:53

    I've done some testing and have been able to fairly simply bypass this domain restriction using a local webserver and modifying the hosts file.



    ------------------------------
    Vaun McCarthy
    ------------------------------
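
The kind of backend check discussed in this thread, as an added example that is not part of the original posts and is not Genesys code: an exact-match allowlist on the `Origin` request header. The names `ALLOWED_ORIGINS`, `normalizeOrigin` and `isOriginAllowed` and all sample values are assumptions. The check only sees the header string the client sends, so it limits where a browser widget can be embedded and does not authenticate the caller; anything sensitive behind it still needs server-side authentication.

```javascript
// Hypothetical allowlist; a real deployment would load this from its configuration.
const ALLOWED_ORIGINS = new Set([
  "https://www.example.com",
  "https://shop.example.com:8443",
]);

// Reduce an Origin header value to scheme://host[:port], or null when it is
// missing, the opaque value "null", or not a bare http(s) origin.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // not parseable as a URL at all
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  if (url.username || url.password) return null; // "https://allowed@other.test"
  if (url.pathname !== "/" || url.search || url.hash) return null;
  return url.origin; // host lowercased, default port dropped
}

// Exact comparison only: no substring, prefix or suffix matching, so
// look-alike hosts such as "www.example.com.other.test" are rejected.
function isOriginAllowed(headerValue) {
  const origin = normalizeOrigin(headerValue);
  return origin !== null && ALLOWED_ORIGINS.has(origin);
}

// Constructed sample header values, for illustration only.
const samples = [
  "https://www.example.com",           // allowed
  "HTTPS://WWW.EXAMPLE.COM:443",       // allowed after normalization
  "https://shop.example.com:8443",     // allowed, non-default port must match
  "http://www.example.com",            // rejected: scheme differs
  "https://www.example.com.other.test", // rejected: look-alike suffix
  "https://www.example.com@other.test", // rejected: userinfo trick
  "null",                               // rejected: opaque origin
  undefined,                            // rejected: header absent
];
for (const s of samples) {
  console.log(String(s).padEnd(40), isOriginAllowed(s) ? "allow" : "deny");
}
```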


