CSRF Validation
This interceptor is used along with the CSRF generator interceptor to prevent cross-site request forgery (CSRF). It validates the token generated by the CSRF generator interceptor. Read more about CSRF and how to create a token here.
If the OAuth interceptor is already inserted in the flow, there’s no need to add the CSRF Generator/CSRF Validation interceptors to prevent attacks, since the OAuth feature imposes the inclusion of a token in the call.
The interceptor must be inserted in the request flow of an operation that has the CSRF generator in its response flow:
![csrf flow](_images/csrf-flow.png)
Configuring the interceptor
To configure it, enter the same token location and name that are set in the CSRF Generator settings.
![CSRF validation](_images/CSRF_validation.png)
By doing so, any request coming from an unexpected or containing an expired token will be barred by the system, preventing a CSRF attack.
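The generator/validator pairing described above can be modelled as follows. This is an added example, not the product's own implementation: the HMAC token format, the `header` location, the token names, and the 300-second lifetime are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: key shared by generator and validator
TTL_SECONDS = 300                 # assumption: token lifetime


def _mac(issued, nonce):
    return hmac.new(SECRET, f"{issued}.{nonce}".encode(), hashlib.sha256).hexdigest()


def generate_token(now=None):
    """Response flow: issue '<issued_at>.<nonce>.<hmac>' (assumed format)."""
    issued = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{issued}.{nonce}.{_mac(issued, nonce)}"


def validate(request, location, name, now=None):
    """Request flow: look only at the configured location and name."""
    token = request.get(location, {}).get(name)
    if token is None:
        return False, "missing"
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed"
    issued, nonce, mac = parts
    # Constant-time comparison; a token not issued by the generator fails here.
    if not hmac.compare_digest(mac.encode(), _mac(issued, nonce).encode()):
        return False, "invalid"
    current = time.time() if now is None else now
    if current - int(issued) > TTL_SECONDS:
        return False, "expired"
    return True, "ok"


def demo():
    t0 = 1_700_000_000  # constructed timestamp
    token = generate_token(now=t0)
    request = {"header": {"X-CSRF-Token": token}}  # constructed request
    forged = {"header": {"X-CSRF-Token": f"{t0}.00.{'0' * 64}"}}
    return {
        "same_settings": validate(request, "header", "X-CSRF-Token", now=t0 + 10),
        "name_mismatch": validate(request, "header", "X-XSRF-Token", now=t0 + 10),
        "expired": validate(request, "header", "X-CSRF-Token", now=t0 + 301),
        "forged": validate(forged, "header", "X-CSRF-Token", now=t0 + 10),
    }
```

The `name_mismatch` case shows why the validator's location and name must match the generator's: a valid token placed under a different name is never found, so every legitimate request is rejected.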