Channel: Atozed Forums - All Forums

303 Redirect and Response Payload

We are using IntraWeb 15.2.36 and have an issue where we need to be able to remove or alter the Payload in the Response Header for a 303 redirect.  During the application sign-on process the user-id and password are in the Request, but they are also being returned in the Payload of the Response header.  How can we remove or alter the Response payload in IntraWeb?

Steps for Verification:
1. Log in to the application while intercepting the request through a proxy.
2. Notice that the 303 response to the login POST request contains the password in cleartext.
(See attached screen print)

.docx   303 Response Header.docx (Size: 460.37 KB / Downloads: 2)
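
The verification steps in the post can be repeated automatically against a request/response pair saved from the proxy. This is an added example, not code from the original post or from IntraWeb; the paths, field names and credential values in the sample traffic are constructed, and because "payload of the response header" could mean either, it checks both the headers and the body of the redirect.

```python
from urllib.parse import parse_qsl, quote, quote_plus

def split_message(raw):
    """Split a raw HTTP message into (start line, [(header, value)], body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = [tuple(p.strip() for p in l.split(":", 1)) for l in lines[1:] if ":" in l]
    return lines[0], headers, body

def reflected_fields(raw_request, raw_response, min_len=4):
    """Return sorted (field, location) pairs for POST form values echoed in a 3xx response."""
    _, _, req_body = split_message(raw_request)
    status_line, headers, resp_body = split_message(raw_response)
    parts = status_line.split()
    if len(parts) < 2 or not parts[1].startswith("3"):
        return []  # only redirect responses are in scope for this check
    findings = set()
    for name, value in parse_qsl(req_body):
        if len(value) < min_len:
            continue  # very short values match by accident
        # The value may come back decoded or in either URL-encoded form.
        variants = {value, quote(value, safe=""), quote_plus(value)}
        for hname, hvalue in headers:
            if any(v in hvalue for v in variants):
                findings.add((name, "header:" + hname))
        if any(v in resp_body for v in variants):
            findings.add((name, "body"))
    return sorted(findings)

# Constructed sample traffic (not taken from the post's attachment).
SAMPLE_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "userid=jdoe&password=S3cret%21pw"
)
SAMPLE_RESPONSE_LEAKY = (
    "HTTP/1.1 303 See Other\r\n"
    "Location: /main\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "userid=jdoe&password=S3cret%21pw"
)
SAMPLE_RESPONSE_CLEAN = "HTTP/1.1 303 See Other\r\nLocation: /main\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(reflected_fields(SAMPLE_REQUEST, SAMPLE_RESPONSE_LEAKY))
```

An empty result for the login redirect is the state to aim for; the same check can be re-run after any change to confirm the credentials no longer come back.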
