Class CsrfHeaderFeature
- java.lang.Object
  - ch.ivyteam.ivy.rest.client.security.CsrfHeaderFeature
- All Implemented Interfaces: javax.ws.rs.core.Feature
public class CsrfHeaderFeature extends Object implements javax.ws.rs.core.Feature
Adds the 'Cross Site Request Forgery (CSRF)' protection header to modifying REST requests. This header must be set by all clients that send requests to an Axon Ivy Engine REST API with default configuration.
However, some APIs may have disabled the CSRF protection that is enabled by default on the Engine. In that case the Axon Ivy Engine does not interpret this header. See the property REST.Servlet.CSRF.Protection in the ivy.webserver.yaml.
https://owasp.org/www-community/attacks/csrf
- Since:
- 9.2
- API:
- This is a public API.
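
As an added illustration (not Axon Ivy's implementation of CsrfHeaderFeature and not code from this API documentation), the sketch below shows how a JAX-RS Feature can attach a CSRF protection header to modifying requests only. The class name ExampleCsrfHeaderFeature, the header name X-Requested-By, its value, and the treatment of GET, HEAD, OPTIONS and TRACE as non-modifying are assumptions; confirm what the target server expects.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.core.Feature;
import javax.ws.rs.core.FeatureContext;

/** Hypothetical example class; not the Axon Ivy CsrfHeaderFeature. */
public class ExampleCsrfHeaderFeature implements Feature {

  // Assumption: header name and value are placeholders for this sketch.
  static final String HEADER = "X-Requested-By";
  static final String VALUE = "example-client";

  // Assumption: "modifying" means any method outside the HTTP safe methods.
  static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS", "TRACE");

  static boolean isModifying(String method) {
    return method != null && !SAFE_METHODS.contains(method.toUpperCase(Locale.ROOT));
  }

  @Override
  public boolean configure(FeatureContext context) {
    // Register the filter on the client (or web target) this feature is applied to.
    context.register(new CsrfHeaderFilter());
    return true;
  }

  /** Runs for every outgoing request before it is sent. */
  static final class CsrfHeaderFilter implements ClientRequestFilter {
    @Override
    public void filter(ClientRequestContext request) throws IOException {
      // Leave safe requests untouched and never overwrite a header
      // that the caller has already set explicitly.
      if (isModifying(request.getMethod())
          && !request.getHeaders().containsKey(HEADER)) {
        request.getHeaders().putSingle(HEADER, VALUE);
      }
    }
  }
}
```

A client would apply it with `ClientBuilder.newClient().register(new ExampleCsrfHeaderFeature())`. A custom request header works as a CSRF defence because a cross-site HTML form cannot set it, and a cross-origin script that tries to is subject to a CORS preflight.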