Class CsrfHeaderFeature
java.lang.Object
ch.ivyteam.ivy.rest.client.security.CsrfHeaderFeature
- All Implemented Interfaces:
javax.ws.rs.core.Feature
Adds the 'Cross Site Request Forgery (CSRF)' protection header to modifying REST requests.
This header must be set by all clients that send requests to an Axon Ivy Engine REST API with default configuration.
However, some APIs may have disabled the CSRF protection that is enabled by default on the Engine.
In that case, this header is not interpreted by the Axon Ivy Engine.
See the property REST.Servlet.CSRF.Protection in the ivy.webserver.yaml
https://owasp.org/www-community/attacks/csrf
- Since:
- 9.2
- API:
- This is a public API.
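The behaviour described above (a header added only to modifying requests) can be sketched as a plain JAX-RS feature. This is an added example, not the Axon Ivy implementation of CsrfHeaderFeature. The class name, the header name `X-Requested-By`, its value, the set of methods treated as read-only and the target URL are all assumptions that this page does not state, and a JAX-RS client implementation is assumed to be on the classpath.

```java
import java.util.Locale;
import java.util.Set;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Feature;
import javax.ws.rs.core.FeatureContext;
import javax.ws.rs.core.Response;

// Illustrative stand-in (hypothetical class), not ch.ivyteam.ivy.rest.client.security.CsrfHeaderFeature.
public class ModifyingRequestHeaderFeature implements Feature {
  // Assumption: header name and value are not given on this page.
  static final String HEADER = "X-Requested-By";
  static final String VALUE = "example-client";
  // Assumption: these methods are read-only; every other method counts as modifying.
  static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");

  static boolean isModifying(String method) {
    return !SAFE_METHODS.contains(method.toUpperCase(Locale.ROOT));
  }

  static class HeaderFilter implements ClientRequestFilter {
    @Override
    public void filter(ClientRequestContext request) {
      // Add the header to state-changing requests only, and never overwrite
      // a value the caller has already set.
      if (isModifying(request.getMethod()) && !request.getHeaders().containsKey(HEADER)) {
        request.getHeaders().putSingle(HEADER, VALUE);
      }
    }
  }

  @Override
  public boolean configure(FeatureContext context) {
    context.register(new HeaderFilter());
    return true; // tells the runtime the feature is enabled
  }

  public static void main(String[] args) {
    Client client = ClientBuilder.newClient().register(new ModifyingRequestHeaderFeature());
    // Constructed placeholder URL; point it at a test endpoint you control.
    Response response = client.target("http://localhost:8080/example/api/items")
        .request()
        .post(Entity.json("{\"name\":\"demo\"}")); // POST is modifying, so the header is sent
    System.out.println(response.getStatus());
    client.close();
  }
}
```

A browser cannot attach a custom header to a cross-site form submission, which is why a server that rejects modifying requests lacking such a header blocks the classic CSRF case.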