Enable Anti-CSRF token [New in Security Center 1.3, updated in 1.5, and removed in 2.0]

Use the glide.security.use_csrf_token property to require a secure token that identifies and validates incoming requests; that token is what prevents cross-site request forgery (CSRF) attacks.

Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user. This property enables the use of a secure token to identify and validate incoming requests; the token is used to prevent cross-site request forgery attacks. If glide.security.use_csrf_token is not set to the recommended value of true, CSRF is possible.

More information

Attribute | Description
--- | ---
Property name | glide.security.use_csrf_token
Configuration type | System Properties (/sys_properties_list.do)
Category | Access control
Purpose | To protect the application from potential CSRF attacks.
Security risk rating | 8.1
Recommended value | true
Default value | true
Functional impact | This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e., a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.
Security risk (High) | Cross-Site Request Forgery is a significant security risk that violates the integrity of the instance data. An attacker can launch a CSRF attack by abusing the trust of an instance user. With the help of social engineering, a user can be made to submit a forged request on the attacker's behalf to the instance.

To learn more about adding or creating a system property, see Add a system property.