CSRF Validation
This interceptor is used along with the CSRF generator interceptor to prevent cross-site request forgery (CSRF). It validates the token generated by the CSRF generator interceptor. Read more about CSRF and how to create a token here.
If the OAuth interceptor is already inserted in the flow, there’s no need to add the CSRF Generator/CSRF Validation interceptors to prevent attacks, since the OAuth feature imposes the inclusion of a token in the call.
The interceptor must be inserted in the request flow of an operation that has the CSRF generator in its response flow.
Configuring the interceptor
To configure it, enter the same token location and name that are specified in the CSRF Generator settings.
By doing so, any request coming from an unexpected or containing an expired token will be blocked by the system, preventing a CSRF attack.
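The following sketch is an added example, not the platform's own implementation. It models a generator in the response flow and a validator in the request flow to show why both must use the same token location and name, and how unexpected and expired tokens are rejected. The token format (HMAC-signed nonce plus timestamp), the `header` location, the `X-CSRF-Token` name and the 300-second lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumed signing key shared by both interceptors
TTL_SECONDS = 300                 # assumed token lifetime


def _sign(nonce, issued):
    return hmac.new(SECRET, f"{nonce}.{issued}".encode(), hashlib.sha256).hexdigest()


def generate(response, location, name, now=None):
    """Response flow: place a signed, timestamped token at location/name."""
    issued = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    token = f"{nonce}.{issued}.{_sign(nonce, issued)}"
    response.setdefault(location, {})[name] = token
    return response


def validate(request, location, name, now=None):
    """Request flow: return (allowed, reason) for the token at location/name."""
    now = time.time() if now is None else now
    token = request.get(location, {}).get(name)
    if token is None:
        return False, "missing token"
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    nonce, issued, sig = parts
    # Constant-time comparison; the signature also covers the timestamp.
    if not hmac.compare_digest(sig.encode(), _sign(nonce, issued).encode()):
        return False, "unexpected token"
    if now - int(issued) > TTL_SECONDS:
        return False, "expired token"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp and names
    req = {"header": generate({}, "header", "X-CSRF-Token", now=t0)["header"]}
    print(validate(req, "header", "X-CSRF-Token", now=t0 + 60))               # settings match
    print(validate(req, "header", "X-XSRF-Token", now=t0 + 60))               # name mismatch
    print(validate(req, "header", "X-CSRF-Token", now=t0 + TTL_SECONDS + 1))  # expired
```

A validator configured with a different name or location than the generator never finds the token, so every legitimate request is rejected as well.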