Class CsrfHeaderFeature

  • All Implemented Interfaces:
    javax.ws.rs.core.Feature

    public class CsrfHeaderFeature
    extends Object
    implements javax.ws.rs.core.Feature
    Adds the 'Cross Site Request Forgery (CSRF)' protection header to modifying REST requests.

    This header must be set by all clients that send requests to an Axon Ivy Engine REST API running with the default configuration.

    However, some APIs may have disabled the CSRF protection that is enabled by default on the Engine. In that case the Axon Ivy Engine does not interpret this header. See the property REST.Servlet.CSRF.Protection in ivy.webserver.yaml.

    https://owasp.org/www-community/attacks/csrf

    Since:
    9.2
    API:
    This is a public API.
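
    How a JAX-RS Feature of this kind can work, as an added example that is not Axon Ivy's code. The class name ExampleCsrfHeaderFeature, the header name and value, and the set of HTTP methods treated as modifying are assumptions not taken from this page; a JAX-RS client implementation must be on the classpath.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.core.Feature;
import javax.ws.rs.core.FeatureContext;

/** Hypothetical stand-in for illustration; not the Axon Ivy class. */
public class ExampleCsrfHeaderFeature implements Feature {

  // Assumption: header name and value are placeholders, not stated on this page.
  static final String HEADER = "X-Requested-By";
  static final String VALUE = "example-client";

  // Safe methods (RFC 7231) do not change server state and need no header.
  private static final Set<String> SAFE = Set.of("GET", "HEAD", "OPTIONS", "TRACE");

  static boolean isModifying(String method) {
    return method != null && !SAFE.contains(method.toUpperCase(Locale.ROOT));
  }

  @Override
  public boolean configure(FeatureContext context) {
    // The feature only wires in the filter that does the per-request work.
    context.register(new HeaderFilter());
    return true;
  }

  static class HeaderFilter implements ClientRequestFilter {
    @Override
    public void filter(ClientRequestContext request) throws IOException {
      // Add the header to POST/PUT/DELETE/PATCH only; keep a caller-set value.
      if (isModifying(request.getMethod()) && !request.getHeaders().containsKey(HEADER)) {
        request.getHeaders().putSingle(HEADER, VALUE);
      }
    }
  }

  public static void main(String[] args) {
    // Every modifying request sent through this client now carries the header.
    Client client = ClientBuilder.newClient().register(new ExampleCsrfHeaderFeature());
    client.close();
  }
}
```

    The protection rests on the server rejecting modifying requests that lack the header: a cross-site HTML form cannot set custom request headers, while a legitimate REST client can.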