I've implemented the SEC_VALID_ENDUSER_HOSTS configuration setting on my site, Why can't some users use scripts located in the Custom Scripts folder?
Environment:
Oracle B2C Service, Version 18A or above
Issue:
Various customizations relying on code located in the custom scripts folder have stopped working after we started using the 'ENDUSER_HOSTS' configuration settings on our site.
Resolution:
This can be resolved by adding the IP address of the end user experiencing problems to the SEC_VALID_ENDUSER_HOSTS configuration setting. This will ensure they have access to any end user accessible custom scripts in your site's custom scripts folder.
Cause:
Beginning in version 18A, The 'ENDUSER_HOSTS' configuration settings will block access to all end user accessible files for your site. This includes not only your Customer Portal pages, but also any other files accessible through WebDAV including the custom scripts folder. This change was made to better align with the expectation that the 'ENDUSER_HOSTS' configuration settings would prevent access to all end user accessible files.
※ Some of the core files under euf/assets/ are required to run end user pages, so they can't be locked down, which means that the 'ENDUSER_HOSTS' configuration settings will NOT block access to files under euf/assets/ folder.
Notes:
Please be aware that any mention of 'ENDUSER_HOSTS' configuration settings refers to both the SEC_VALID_ENDUSER_HOSTS and SEC_INVALID_ENDUSER_HOSTS configuration settings. If you are not familiar with these please review Answer ID 245: Restricting computers or hosts that can access the Oracle B2C Service console and end-user pages for more information.
