Former Member

x-CSRF Token Purpose in Gateway

Hi,

1. May I know the purpose of the x-CSRF token?

2. Is it mandatory to use this token in the Production environment? Currently we are calling the OData service without the x-CSRF token. Is it OK to go live without this token?

3. In case we need to add the x-CSRF token, do we need to change the existing code (which works fine)?

Tags edited by: Jitendra Kansal


2 Answers

  • Jan 01, 2015 at 03:04 AM

    Hi,

    CSRF (Cross-Site Request Forgery) is a type of attack in which an attacker tries to send malicious requests from a website that the user visits to another site where the victim is authenticated. Prevention of this attack is based on keeping a security token during the user's session and providing it with every modifying operation (PUT, POST, DELETE). If the provided token is not correct, the gateway responds with an HTTP 403 ("Forbidden") return code.

    Check below write-ups for more info:

    Gateway protection against Cross-Site Request Forgery attacks

    Issues with CSRF token and how to solve them

    Regards,

    JK
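
The token check described in the answer above, as an added example that is not part of the original thread and is not SAP Gateway code: `ToyGateway`, the session ids and the 201/204 success codes are constructed for illustration, while the `Fetch` and `Required` values of the `X-CSRF-Token` header follow the handshake SAP Gateway uses. It shows both the client-side change (fetch the token, send it on modifying calls) and why a request forged from another site gets 403.

```python
import hmac
import secrets

MODIFYING = {"PUT", "POST", "DELETE"}  # methods the answer lists as token-protected


class ToyGateway:
    """Constructed stand-in for the server side; not SAP Gateway code."""

    def __init__(self):
        self._tokens = {}  # session id -> token kept for that session

    def handle(self, method, session_id, headers):
        """Return (status, response_headers) for one request."""
        sent = headers.get("X-CSRF-Token", "")
        if method not in MODIFYING:
            if sent.lower() == "fetch":  # client asks for its session token
                token = self._tokens.setdefault(session_id, secrets.token_urlsafe(24))
                return 200, {"X-CSRF-Token": token}
            return 200, {}
        expected = self._tokens.get(session_id)
        if expected is None or not hmac.compare_digest(sent.encode(), expected.encode()):
            return 403, {"X-CSRF-Token": "Required"}  # missing or wrong token
        return (201 if method == "POST" else 204), {}


def modify_with_token(gw, session_id, method, token=""):
    """Legitimate client: on 403, fetch a token with a GET and retry once."""
    status, _ = gw.handle(method, session_id, {"X-CSRF-Token": token})
    if status == 403:
        _, resp = gw.handle("GET", session_id, {"X-CSRF-Token": "Fetch"})
        status, _ = gw.handle(method, session_id, {"X-CSRF-Token": resp["X-CSRF-Token"]})
    return status


def forged_cross_site(gw, session_id, method):
    """Request triggered from another site: the browser attaches the session,
    but the foreign page cannot read the token, so no token header is sent."""
    status, _ = gw.handle(method, session_id, {})
    return status


if __name__ == "__main__":
    gw = ToyGateway()
    print("forged POST  :", forged_cross_site(gw, "sess-A", "POST"))
    print("client POST  :", modify_with_token(gw, "sess-A", "POST"))
    print("forged DELETE:", forged_cross_site(gw, "sess-A", "DELETE"))
```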


  • Jan 02, 2015 at 07:59 AM