In the upcoming SuperOffice v11.3 release, we are introducing a new security property for CRMScripts that lets you define which HTTP verbs are allowed when executing a script via specific endpoints.
This property applies only when a script is executed via:
- `blogic.fcgi?action=doScript`
- `customer.fcgi?action=safeParse` or `customer.fcgi?action=printBin`
Scripts run in triggers, scheduled tasks, or other internal contexts are not affected by this setting.
What you can do with it
- Block all verbs to prevent a script from being run through the above endpoints.
- Allow only specific verbs (e.g., GET, POST, PUT) when creating custom API endpoints.
This gives you finer control over script execution and improves overall security.
Default behavior
- For existing scripts: All verbs will be enabled by default in v11.3.
- When creating scripts through the CRMScript Agent: If the new property is omitted from the payload (as will be the case for most existing integrations), all verbs will be enabled by default.
- When creating a script via the GUI: All verbs will be disabled by default, letting you explicitly choose which ones to allow.