CSRF Attack Prevention
In a Cross-site Request Forgery (CSRF) attack, a HTTP request gets sent from a victim’s browser to a usually authenticated target destination in order to perform an action as the victim.
Ivy applications are well protected from this kind of attack under the following conditions:
You are using our standard HTML Dialogs (JSF) technology stack. See HD CSRF Protection on how JSF is protecting these dialogs.
For REST calls the setting
REST.Servlet.CSRF.Protection
is set to true. This is also the default setting. See Secure REST APIs for more information.