I have to enable CSRF Guard in our production environment urgently to fulfill certain security requirement:
- From the SAG documentation things are not pretty clear here.
- I have followed the steps an enabled it along with Excluded User Agents, Landing Pages and Unprotected URLs, though I am not sure if I have included everything but while trying so I am getting the below error only once, after that everytime I am invoking the service via HTTPS URL I am not getting anything.
- I am not very clear here on changes, if any, around DSP files (if yes which ones) from WmRoot package
One time error: CSRF attack detected. CSRF token is not present in the request URL: WmRoot/security-csrf-edit.dsp
Any lead around details must be appreciated.