Vulnerability in EPiServer.Forms
We are using the latest EPiServer.GoogleAnalytics v2.2.1 and, in our DXC environments, the whole dashboard breaks and is completely blank if we add the Google Analytics gadget. It has the console error "GET https://integ.eboshealthcare.co.nz/EPiServer/Shell/11.6.0/ClientResources/epi-googleanalytics/components/GaDashboardComponent.js 404 ()" - from looking through the network requests this does look like the first thing to go wrong.
I might be on the wrong track, but I’m trying to figure out why our loca requests this seemingly correct URL (which works):
Whilst the DXC environments end up requesting this URL instead (and gets a 404):
The root of those paths differs from “/EPiServer.GoogleAnalytics/2.2.1/ClientResources/Scripts/” to “/EPiServer/Shell/11.6.0/ClientResources/epi-googleanalytics/” – so it seems that the DXC environments are going relative to the CMS UI shell’s ClientResources, whereas our locals go to the GA package’s own ClientResources path.
There's nothing I can think the Azure (DXC) environment would affect this - but I also can't see anything we're doing with the deployment that should mess with the package.. Perhaps if there's anything specific I should check for let me know so I can nosey around what we actually have deployed - I just don't know what to look for yet.
Packages we’re using:
Have fixed this issue in our DXC environment by simply deleting the protected modules folder for the GoogleAnalytics plugin. Noticed an extra module.config file outside the zip file, which mismatched what was on my local environment - so that led me to believe we had some old files that hadn't been cleaned up on deploy probably during a newer version of the plugin being deployed.