
Cross Site Forgery Protection

KevM edited this page Oct 13, 2014 · 1 revision

Agent automatically protects against Cross Site Request Forgery (CSRF) by requiring an anti-forgery token on every POST, PUT, or DELETE request. The token travels either in an HTTP header or as a field in the submitted form; GET requests are not checked, so they must stay free of side effects.

[Screenshot: csrf_http_header (the anti-forgery token carried in a request header)]

The token sent with each request must match the value carried in the anti-forgery cookie. That cookie is encrypted and flagged HttpOnly, so script running in the page cannot read it; only the server can unwrap it.

[Screenshot: csrf_cookie (the encrypted, HttpOnly anti-forgery cookie)]

Server side, the two values are compared and the request is rejected when they do not match. This stops a forged request from a rogue script on another origin: the browser will attach the cookie to the cross-site request automatically, but the attacker cannot read the cookie or the page, so it cannot supply a matching token. Note that this check does not defend against a man in the middle who can read or alter traffic; that is what HTTPS is for.

Disabling Forgery Protection

When testing new or existing endpoints it is often helpful to disable CSRF protection. This is done with a single application setting in web.config. Only use it in a development or test environment, and never leave it set to true in a deployed instance, since it removes the protection for every endpoint.

<appSettings>
  <add key="WebSecuritySettings.DisableAntiForgery" value="true"/>
  <!-- snip -->
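The matching check described above, written out as an added example; this is not Agent's own code. It is in Python rather than C# so it runs stand-alone: the cookie is sealed with an HMAC under a server key as a stand-in for the encrypted cookie Agent uses, and the cookie, header and form-field names, the server key, and the disable_anti_forgery parameter (modelling WebSecuritySettings.DisableAntiForgery) are assumptions for the example.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Assumption: a server-side key seals the cookie. Agent uses an encrypted
# cookie; an HMAC seal is the stand-in here so the sample needs only stdlib.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"

# Assumed names; not the project's actual identifiers.
COOKIE_NAME = "csrf_cookie"
HEADER_NAME = "x-csrf-token"
FORM_FIELD = "__csrf_token"
PROTECTED_METHODS = {"POST", "PUT", "DELETE"}


def issue_token() -> Tuple[str, str]:
    """Return (cookie_value, token). The token is rendered into the page for the
    header/form; the cookie is sealed so another origin cannot mint a valid pair."""
    token = secrets.token_urlsafe(32)
    mac = hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).digest()
    cookie_value = token + "." + base64.urlsafe_b64encode(mac).decode().rstrip("=")
    return cookie_value, token


def _unseal_cookie(cookie_value: str) -> Optional[str]:
    """Verify the cookie's seal and return the token inside it, or None."""
    token, sep, mac_b64 = cookie_value.rpartition(".")
    if not sep:
        return None
    try:
        mac = base64.urlsafe_b64decode(mac_b64 + "=" * (-len(mac_b64) % 4))
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return token


def validate_request(method: str, headers: Dict[str, str], form: Dict[str, str],
                     cookies: Dict[str, str], disable_anti_forgery: bool = False) -> bool:
    """Server-side check: for POST/PUT/DELETE the token from the header (or the
    form) must equal the token sealed in the cookie. Other methods pass, as does
    everything when the disable setting is on."""
    if disable_anti_forgery or method.upper() not in PROTECTED_METHODS:
        return True
    cookie_value = cookies.get(COOKIE_NAME)
    if cookie_value is None:
        return False
    cookie_token = _unseal_cookie(cookie_value)
    if cookie_token is None:
        return False
    # Header first (script-driven requests), then the form field (HTML forms).
    lowered = {k.lower(): v for k, v in headers.items()}
    submitted = lowered.get(HEADER_NAME) or form.get(FORM_FIELD)
    if not submitted:
        return False
    return hmac.compare_digest(submitted, cookie_token)  # constant-time compare


def demo() -> Dict[str, bool]:
    """Constructed requests: one legitimate pair, then the forgeries that fail."""
    cookie_value, token = issue_token()
    cookies = {COOKIE_NAME: cookie_value}  # the browser attaches this itself
    return {
        "legit_form": validate_request("POST", {}, {FORM_FIELD: token}, cookies),
        "legit_header": validate_request("PUT", {"X-CSRF-Token": token}, {}, cookies),
        # A rogue page can make the browser send the cookie but has no token.
        "forged_no_token": validate_request("DELETE", {}, {}, cookies),
        # Guessing a token does not help; it will not match the sealed cookie.
        "forged_guess": validate_request("POST", {}, {FORM_FIELD: secrets.token_urlsafe(32)}, cookies),
        # An attacker-minted cookie/token pair fails the seal check.
        "forged_minted": validate_request("POST", {}, {FORM_FIELD: "attacker"},
                                          {COOKIE_NAME: "attacker." + "A" * 43}),
        "get_unchecked": validate_request("GET", {}, {}, {}),
        "disabled": validate_request("POST", {}, {}, cookies, disable_anti_forgery=True),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The "disabled" case shows why the setting must stay off outside test environments: with it on, a request carrying nothing at all is accepted.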