GAS 3.10 upgrade guide

These topics describe product changes you must be aware of when upgrading to version 3.10.

Important: This is an incremental upgrade guide that covers only topics related to the Genero Application Server version specified in the page title. Check prior upgrade guides if you migrate from an earlier version, and complete the migration tasks for all versions between your existing version and the target version in order. Make sure to also read about the new features for this version.

Corresponding new features page: GAS 3.10 new features.

Delegation and environment variables

Starting with GAS version 3.10, all environment variables defined via X-FourJs-Environment- HTTP headers are forced to uppercase. If you use delegation in your applications or Web services, make sure that you are not relying on case (for example title or camel case, "MyEnvVar") in the naming of parameters as there is no guarantee that it will be preserved.

Some Web servers convert all header names to lowercase, which is outside your control. To provide a consistency in use across platforms (Windows® and UNIX® ), proxies parse the HTTP headers and convert all environment variables to uppercase.

HTTP security header: X-Content-Type-Options="nosniff"

Since GAS versions 3.00.35 and GAS 3.10 (GA version), for security reasons the default header "X-Content-Type-Options" needs to be set to the value "nosniff". This is the default use in the GAS configuration file (as.xcf):
<HEADER Name="X-Content-Type-Options">nosniff</HEADER>
Use of this header blocks browsers sniffing file types, which is guessing the correct Multipurpose Internet Mail Extensions (MIME) type by looking at the file. The header blocks sniffing of script and style type files.
Warning: On Internet Explorer 11, if an image file does not have an extension, use of this header may cause that image not to display. Make sure your image files have extensions if your applications need to serve images through the Genero Application Server (GAS).

For more information, see HEADER (Common).

Delegation and URLs

To avoid query decoding issues, the delegate mechanism has been changed to follow URL RFCs by passing the delegate URL as a standard QueryString.

See How to implement delegation for more information.

OpenID Single sign-on (SSO) protocol not supported

The OpenID authentication mechanism for Single Sign-on authentication is deprecated. If you have previously used OpenID to authenticate users launching applications, you must now use an alternate method, such as OpenID Connect or SAML. Any new development requiring Single Sign-on should plan to use OpenID Connect, or SAML. See How to implement Single sign-on (SSO). For alternative solutions, please contact your Four Js support center.

Sample SSO implementation (simplesso) located on GitHub

The sample implementation of Single Sign On (SSO) for Genero is no longer provided in the FGLGWS installation at $FGLDIR/web_utilities/services/simplesso, instead it can now be found under the Four Js Genero GitHub repository. See

What does this mean for your upgrade to 3.10? If you had previously used the simplesso mechanism for your SSO service, you will need to download it from GitHub. For complete implementation instructions and its use, please see the README file in the download. For more information, see Delegation use cases and SSO custom sample (simplesso).

Parent application for a Web Service must start with "ws."

To support Genero Archive packaging, all parent applications defined in the configuration of Web Services applications must now start with "ws." See Configure applications for Web service.

Desupported GAS configuration elements

The following elements are no longer allowed or used:
  • The DVM_PINGTIMEOUT, child element of the TIMEOUT (for an application) is not supported. The GAS no longer sends a ping event when the DVM is running with GAS. No action needs to be taken.
    Note: If you have set the gui.protocol.pingTimeout in your FGLPROFILE, this setting is not used when the DVM runs with the GAS. For applications running on Genero Desktop Client (GDC) in direct mode ( without GAS), the ping event is still part of the protocol and the GDC keeps sending it as usual.
  • The FILE_TRANSFER element and its child element, TIMEOUT, are not supported.
  • The OUTPUT element which specified the parameters for rendering GWC for HTML5 Web applications is no longer supported. Starting with Genero 3.10, all UI applications should use the UA proxy instead, which is configured by the UA_OUTPUT element.

Desupported proxies

The following proxies are no longer supported:
  • The gdcproxy proxy used for GDC is no longer supported. The uaproxy proxy is now used for GDC.
  • The html5proxy proxy for Genero Web Client for HTML5 (GWC-HTML5) is no longer supported. This version of the Genero web client is no longer supported and has been replaced by the Genero Browser Client (GBC) instead. The uaproxy proxy is used for GBC.

Desupported session variables

Session variables are no longer managed in the GAS when using UAProxy. If before you used session variables to maintain states between runs of an application by means of configuring the HTTP_COOKIES element in the as.xcf file, this is no longer utilized and you will need to remove those entries.

In your 4GL code session state is set through "localStorage" front calls. Starting with version 3.10, you must use the new localStorage front calls, supported by all Genero front-ends, to dynamically set and get session state from within your Genero application. For example:
ui.Interface.frontCall("localStorage", "setItem",
   [key,value], [])

Deprecated session front calls

The session module front calls setVar and getVar are deprecated. You will need to replace these calls with calls to "localstorage". For more information, see the Local storage front calls section in Genero Business Development Language User Guide.

Alias GAS configuration elements: GWC-JS and GBC

The latest GAS version configuration file shows the following element changes:
  • GBC is now the preferred element for Genero Browser Client customization. GWC-JS is deprecated.
  • GBC_LOOKUP_PATH is now the preferred element for GBC customization look up. GWC_JS_LOOKUP_PATH is deprecated.
Whilst GWC-JS and GWC_JS_LOOKUP_PATH elements continue to be supported, we recommend you take the opportunity at this time to replace the deprecated elements (GWC-JS, GWC_JS_LOOKUP_PATH) in your application configuration files with their replacements, GBC, and GBC_LOOKUP_PATH respectively.

Apply fix for mod_proxy_fcgi URL decoding in Apache 2.4

The Apache bug 55329 preventing mod_proxy_fcgi decoding application URLs with spaces or special characters correctly has been fixed for Apache 2.4.11. This bug prevented, for example, applications with URLs like "http://server/gas/wa/r/test/220%2012", from working.

If you are using Apache 2.4.11 or later you must apply the following fix in the Apache configuration to avoid this issue:
SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
For more details, see Apache 2.4: mod_proxy_fcgi or Apache 2.4: Configure mod_proxy_fcgi for remote server.

If you are using a version of Apache prior to 2.4.11, as the 4GL developer you need to be aware that you can get spaces encoded in URLs and need to handle these in your program code. It is recommended that you decode URLs before using them.