Starting October 15, 2024, secure Iparams will undergo a significant change in how they are handled on the frontend:
Key changes
- On custom iparam pages, secure iparams can be added in nested JSON as objects. Any nested objects marked as secure will no longer be accessible from the frontend app.
- If your app uses secure iparams, ensure they are not used in the frontend, as they will return undefined when accessed by key.
Date
October 15, 2024
More about nested secure iparams
- Secure Iparams are always invisible when used on the frontend app. However, when used in nested objects in the custom installation page (iparams.html), they were accessible in the frontend with object property accessors which is not intended.
Example definition of nested secure iparams:
function postConfigs() {
return {
__meta: {
secure: [oneLevelNested, oneLevelNestedDot.key, oneLevelNestedBracket["key"], multiLevel["default"].key, multiLevel["default"]["token"]]
},
oneLevelNested: {
"key": "value"
},
oneLevelNestedDot:{
"key": {
"test": "value"
}
},
oneLevelNestedBracket:{
"key": {
"test": "value"
}
},
multiLevel: {
"default": {
"key": "value",
"token": "value"
}
}
};
};
- By default, secure parameters defined in the iparams.json file are always inaccessible from the frontend. Defining them as objects is not possible.
Please review and update your app configurations before this change goes live.
Thank you for your attention to this update as we continue to improve platform security.