For added security, a new feature is introduced with K2 Cloud Update 17 to handle all errors for anonymous views and forms.
Often, when an error occurs in a SmartForm, the error does not contain a generic message; instead, the full error message from the underlying coding frameworks is shown. Although detailed errors are useful to solution designers, they pose a security risk because potential attackers can use this information to understand the underlying platform and find a potential vulnerability.
To reduce the risk of errors leaking information, the anonymous error handling feature returns a generic message containing a CorrelationID when the authentication context is anonymous. Full error messages are still shown to authenticated users for forms that require authentication. Because full error messages are shown only to authenticated users, the risk of information disclosure from internet-facing forms that do not require authentication is reduced.
When an error occurs on an anonymous view or form in K2 Cloud Update 17, the error message now contains a generic message with a CorrelationID. In versions prior to K2 Cloud Update 17, you could see the full error message and use these details from the Error context fields in rules. See "How does this change affect existing anonymous views and forms" and "Considerations" for more information about Error context fields.
Anonymous views and forms:
The image below shows an example of an error containing a CorrelationID.
When such an error occurs, the full error details can be found in Windows Event Viewer > Applications and Services Logs > K2, and can be identified using the CorrelationID from the message.
Only Nintex Customer Central can access the full error details from the Windows Event Viewer. We recommend you follow the next steps to test and debug an error on an anonymous view or form before contacting Nintex Customer Central.
If you can’t resolve the issue following the above steps and you need more details about an error message, contact Nintex Customer Central and provide them with the CorrelationID from the message.
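The behavior described above, sketched as an added example (this is not K2 or Nintex code): full error detail is always stored server-side under a CorrelationID, and only an authenticated caller gets that detail back. The in-memory `SERVER_LOG`, the function names, the generic message wording and the sample error text are all assumptions made for illustration.

```python
import traceback
import uuid

# Stand-in for the server-side log (on the page, the K2 log in Event Viewer).
SERVER_LOG = {}

# Constructed wording; the real generic message text is not given on the page.
GENERIC_MESSAGE = "An error occurred. CorrelationID: {cid}"


def render_error(exc, is_authenticated):
    """Build the error a form user sees for exc.

    Detail is recorded under a fresh CorrelationID in every case; it is
    echoed to the caller only when the authentication context is not anonymous.
    """
    cid = str(uuid.uuid4())
    detail = "".join(
        traceback.format_exception(type(exc), exc, exc.__traceback__)
    )
    SERVER_LOG[cid] = detail
    if is_authenticated:
        return {"correlation_id": cid, "message": detail}
    return {"correlation_id": cid, "message": GENERIC_MESSAGE.format(cid=cid)}


def lookup(cid):
    """Support-side lookup: recover the full error from its CorrelationID."""
    return SERVER_LOG.get(cid)


def failing_backend_call():
    # Constructed failure whose text names internal components.
    raise RuntimeError("SqlException: Invalid object name 'dbo.Orders' on SQL01")


def demo(is_authenticated):
    """Trigger the sample failure and return what this caller would see."""
    try:
        failing_backend_call()
    except RuntimeError as exc:
        return render_error(exc, is_authenticated)


if __name__ == "__main__":
    anon = demo(is_authenticated=False)
    print("anonymous sees:", anon["message"])
    print("support sees:  ", lookup(anon["correlation_id"]).splitlines()[-1])
```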
The new feature is enabled on all K2 Cloud Update 17 tenants, except tenants where anonymous views or forms that use Error context fields existed prior to upgrading to K2 Cloud Update 17. This exception allows you to update your views and forms by removing the use of Error context fields. Once you are done, you can contact Nintex Customer Central to enable the feature.
If you are not concerned about this security risk and want to disable the feature because you need detailed errors or are using specific rules to handle the errors, you can contact Nintex Customer Central to disable the setting.