We have applied Bot protection for our application. On the first attempt it failed since the ChatBot in the applications stopped working. I don't have much details what happened then but below are few points I got to know about when attempting for the 2nd time.
Device ID was enabled
When a client access the ChatBot the requests re-directs to an external domain. Say
abc.com is the domain where the application resides
xyz.com is the domain where clients are re-directed when accessing the ChatBot
One observation from Devs is that TSPD_101 cookie inserts an extra field in the which eventually crashes the ChatBot
Per K30023210, ASM strips TS cookies before forwarding the request to OWS....Is that correct?
If ASM still forwards requests along with TS cookies, is there any workaround?
As per my understanding TS cookies, thru java scripts, collect client information. But in our case it injected an extra field. Is that expected/ normal?
If it is expected/ normal, is it possibled to exclude certain form/ scripts from TS cookie inspection?
Is there a way to query the TSPD script to be able to use it in ajax in if that is required?
On 2nd attempt, I have disabled Device ID and whitelisted external domain xyz.com. It's