Class CsrfHeaderFeature

java.lang.Object
ch.ivyteam.ivy.rest.client.security.CsrfHeaderFeature
All Implemented Interfaces:
javax.ws.rs.core.Feature

public class CsrfHeaderFeature extends Object implements javax.ws.rs.core.Feature
Adds the 'Cross Site Request Forgery (CSRF)' protection header to modifying REST requests.

This header must be set by all clients that send requests to an Axon Ivy Engine REST API with default configuration.

However, some APIs may disable the CSRF protection that is enabled by default on the Engine. In that case the Axon Ivy Engine does not interpret this header. See the property REST.Servlet.CSRF.Protection in ivy.webserver.yaml.

https://owasp.org/www-community/attacks/csrf
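
A sketch of how a JAX-RS client feature of this kind can work, added here as an illustration; it is not the source of CsrfHeaderFeature and not Axon Ivy code. The class name ExampleCsrfHeaderFeature, the header name and value, and the set of HTTP methods treated as modifying are assumptions, since this page does not state them.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.core.Feature;
import javax.ws.rs.core.FeatureContext;

/** Hypothetical stand-in for a CSRF header feature (not the Axon Ivy implementation). */
public class ExampleCsrfHeaderFeature implements Feature {

  // Assumption: header name and value are placeholders chosen for this example.
  static final String HEADER = "X-Requested-By";
  static final String VALUE = "example-client";

  // Assumption: these methods are the ones treated as "modifying".
  static final Set<String> MODIFYING = Set.of("POST", "PUT", "PATCH", "DELETE");

  @Override
  public boolean configure(FeatureContext context) {
    // Register the filter on whatever client or web target enables this feature.
    context.register(new HeaderFilter());
    return true;
  }

  /** Adds the header to modifying requests unless the caller already set it. */
  static class HeaderFilter implements ClientRequestFilter {
    @Override
    public void filter(ClientRequestContext request) throws IOException {
      String method = request.getMethod();
      if (method == null) {
        return;
      }
      boolean modifying = MODIFYING.contains(method.toUpperCase(Locale.ROOT));
      if (modifying && !request.getHeaders().containsKey(HEADER)) {
        request.getHeaders().putSingle(HEADER, VALUE);
      }
      // Read-only requests (GET, HEAD, OPTIONS) pass through unchanged.
    }
  }
}
```

A client enables such a feature with `ClientBuilder.newClient().register(ExampleCsrfHeaderFeature.class)`; the real class from this page is registered the same way through the standard JAX-RS `register` call.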

Since:
9.2
API:
This is a public API.