Enable Cross-Site Request Forgery Protection (CSRF)

Cross-Site Request Forgery (CSRF) is an attack in which the attacker uses a valid user session to gain information or perform actions on behalf of the user.

In Exalead CloudView, protection against CSRF is implemented via a token. If required, you can associate this token with an expiration date. You configure the protection in the Mashup Builder (General > Application properties).

Note: If you need to apply CSRF protection to custom widgets using POST forms, add <render:crsf /> within the <form> tag.

  1. Go to the Mashup Builder (http://<HOSTNAME>:<BASEPORT+1>/mashup-builder).
  2. In General > Application properties, select Enable CSRF protection.
    The CSRF token lifetime field is displayed.
  3. Enter the validity period of the token, in minutes. If the token must always apply (no expiration), leave the field empty.
  4. Click Apply.
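
What a session-bound CSRF token with an optional lifetime does on the server side, as an added Python illustration; it is not CloudView code and does not describe CloudView's implementation. The HMAC construction, the function names and the session identifiers are assumptions made for the example; `lifetime_minutes=None` mirrors leaving the CSRF token lifetime field empty.

```python
import hashlib
import hmac
import secrets
import time

# Server-side secret, generated here for the example (assumption).
SECRET_KEY = secrets.token_bytes(32)


def _mac(session_id, payload):
    """HMAC over the session id and the token payload."""
    msg = f"{session_id}|{payload}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Return 'issued_at.nonce.mac' to embed as a hidden field in a POST form."""
    issued_at = int(time.time() if now is None else now)
    payload = f"{issued_at}.{secrets.token_hex(16)}"
    return f"{payload}.{_mac(session_id, payload)}"


def verify_token(token, session_id, lifetime_minutes=None, now=None):
    """Check a submitted token; lifetime_minutes=None means it never expires."""
    try:
        issued_at_str, nonce, mac = token.split(".")
        issued_at = int(issued_at_str)
    except (AttributeError, ValueError):
        return False  # token missing or malformed
    expected = _mac(session_id, f"{issued_at_str}.{nonce}")
    # Constant-time comparison; fails for forged or tampered tokens and
    # for tokens issued to a different session.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    if lifetime_minutes is None:
        return True
    current = time.time() if now is None else now
    return 0 <= current - issued_at <= lifetime_minutes * 60


if __name__ == "__main__":
    # Constructed sample values: session ids and timestamps are made up.
    t = issue_token("session-A", now=1_000)
    print(verify_token(t, "session-A", 30, now=1_000 + 29 * 60))  # within lifetime
    print(verify_token(t, "session-A", 30, now=1_000 + 31 * 60))  # expired
    print(verify_token(t, "session-B"))                           # other session
```

A request forged from another site fails the first check because the attacker cannot read or compute the token for the victim's session; the lifetime only limits how long a leaked token stays usable.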