Security violations max length

I got exception in Eximee logs

Security violations found in service params: SecurityValidationResult(violations=[ServiceSecurityViolation(super=SecurityViolation(exceptionMessage=Param string length (281) exceeded the hard limit (256), level=WARN, validationMessageKey=IEW_SECURITY_MAX_LENGTH), serviceName=callServiceProxy)])

Even when I changed configurations



Provided configuration looks fine and maxLength should work, but log says otherwise. So my guess is that:

  • there might be typo in service name in Your configuration or in code which attempts to call service,

  • configuration might be misplaced. Service configuration should be placed in in webforms.xml.

Provided log contains serviceName callServiceProxy. This is default service name used when the provided one was not found in configuration or it is not enabled (enabled tag is missing or it is set to false). Another sign of missing/invalid configuration is part with hard limit (256), 256 is default value when no configuration is found.

One more thing, it is important to add this configuration not only in current configuration but also in installation bundle. As configuration from bundle overrides existing one.