Configure Miscellaneous Settings for Web Applications
Several web.config files contain certain settings for the CSM Web Applications, including the Browser Client, CSM Portal, and, in some cases, the Cherwell® REST API. These settings are handled by Overwatch, and you can edit them using the Command-Line Configure utility.
For best results, restart Internet Information Services (IIS) after you modify web application settings. See Overwatch Command-Line Options for more information on available Command-Line Configure options for web applications.
Change Prompt Time-out Period
Prompts generated by a One-Step Action, expression, or stored search remain open in the web applications for 2 minutes by default. If users do not respond to the prompt within that time frame, the prompt closes.
To change the default time-out period for the Browser Client, use the Command-Line Configure utility to pass the following command to Overwatch:
/updatebrowserclientsettings /UIInteractionTimeoutInSeconds={number of seconds}>
To change the default time-out period for the CSM Portal, use the Command-Line Configure utility to pass the following command to Overwatch:
/updateportalsettings /UIInteractionTimeoutInSeconds={number of seconds}>
Disable Label Resizing
We do not recommend disabling label resizing.
While not recommended, to disable the resizing of labels that are set to dynamically auto-size in the Browser Client, use the Command-Line Configure utility to pass the following command to Overwatch:
/updatebrowserclientsettings /AutoSizeLabels=False
To disable the resizing of labels that are set to dynamically auto-size in the CSM Portal, use the Command-Line Configure utility to pass the following command to Overwatch:
/updateportalsettings /AutoSizeLabels=False
Disable Scripts in Reports
By default, users can run a report that contains scripts if they have rights to run the report. You can disable scripts from running in all reports, however. This may cause errors when users run reports that contain scripts, but may improve security.
By default, scripts are enabled for reports.
To disable scripts in all reports in the Browser Client, use the Command-Line Configure utility to pass the following command to Overwatch:
/updatebrowserclientsettings /allowscriptsinreports=false
To disable scripts in all reports in the CSM Portal, use the Command-Line Configure utility to pass the following command to Overwatch:
/updateportalsettings /allowscriptsinreports=false
Execute Embedded HTML and Script
We do not recommend allowing embedded HTML and script.
To allow HTML and script embedded in labels to be executed in the Browser Client, use the Command-Line Configure utility to pass the following command to Overwatch:
/updatebrowserclientsettings /AllowUnsafeLabels=True /AuthLogFile={filepath}
To allow HTML and script embedded in labels to be executed in the CSM Portal, use the Command-Line Configure utility to pass the following command to Overwatch:
/updateportalsettings /AllowUnsafeLabels=True /AuthLogFile={filepath}
HTTPS-Only Cookies
In production environments, we strongly recommend that sensitive cookies (like those used to maintain your session) be marked as "Secure," meaning they will only be transferred with requests that are made over HTTPS, and HTTP-only. They will not be accessible to Javascript running in the browser.
In order to take advantage of this configuration, perform the following steps:
- Ensure the web application is running on an IIS instance that listens on both :80 (HTTP) and :443 (HTTPS).
- Ensure IIS (or a web.config file, or some other handler) is set up to automatically redirect http://hostname/path to https://hostname/path.
- Add the following line to these web.config files:
- C:\Program Files\Cherwell Browser Applications\Portal
- C:\Program Files\Cherwell Browser Applications\CherwellClient
- C:\Program Files\Cherwell Browser Applications\CherwellService
<httpCookies httpOnlyCookies="true" requireSSL="true" />
For more details, see https://msdn.microsoft.com/en-us/library/ms228262(v=vs.100).aspx.
In-line Browser Display Extensions
To specify other in-line browser display extensions that should open inside of a browser window in the Browser Client, use the Command-Line Configure utility to pass the following command to Overwatch:
/updatebrowserclientsettings /InlineBrowserDisplayExtensions={.pdf or .xml file name}
To specify other in-line browser display extensions that should open inside of a browser window in the CSM Portal, use the Command-Line Configure utility to pass the following command to Overwatch:
/updateportalsettings /InlineBrowserDisplayExtensions={.pdf or .xml file name}
Browsers that are not Microsoft Edge (example: Chrome™, Mozilla Firefox®, etc.) handle in-line browser display extensions more automatically, but Edge requires this to be set. PDF and XML files are handled this way by default.