Unsafe Request Errors in the Infor CRM (formerly Saleslogix) 8.2 Web Client

When you are running Infor CRM 8.2 there is a new setting in the web.config that attempts to validate “safe” postbacks. What this means is it throws errors when attempting to save data with special characters. This of course is likely to happen in Infor CRM where users need to enter all kind of data.

The error is something like:
The following unsafe request form value was detected: “…y Shepard <iamsafe…”. Please correct the unsafe character sequence(s). Criteria: If the < (less than sign) is followed by a letter, ! (exclamation), / (slash), or ? (question mark) it’s considered unsafe (i.e. it looks like a tag or an HTML comment); if the & (ampersand) is followed by a # (pound sign) it’s considered unsafe as well (e.g. ©). HTTP status: AjaxHttpRequestValidationResponse (580).

Luckily fixing this is fairly easy. In the web.config file look for “validateRequest”. This is on line 78 in an OOTB web.config file:

<pages validateRequest="true" enableEventValidation="false" viewStateEncryptionMode="Never">

Simply change the validateRequest from true to false:

<pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode="Never">

In addition, any version of Infor CRM that is using .NET 4.0 or higher, you’ll need to change the validation mode. Locate the web.config line that reads:

<httpRuntime requestValidationMode="4.5" targetFramework="4.5" />

and change the requestValidationMode from “4.5” to “2.0” like this:

<httpRuntime requestValidationMode="2.0" targetFramework="4.5" />

In my opinion this setting should be changed in all implementations as it is too restrictive with the kind of application that Infor CRM is.

Want content like this delivered to your inbox? Sign up for our newsletter!

Kris Halsrud

Kris Halsrud is a Senior Analyst / Developer for Customer FX Corporation.

Submit a Comment

Your email address will not be published. Required fields are marked *