Enforce oauth state parameter validation

Watch

Save as PDF

Share this page

Feedback

HomeVancouver Platform securityPlatform SecurityHardening settingsAccess controlEnforce oauth state parameter validation

Table of Contents

Enforce oauth state parameter validation

Release version:
Vancouver
Yokohama
Xanadu
Washington DC
UpdatedFeb 1, 2024
1 minute read

Vancouver
Now Platform Security

The Vancouver release is no longer supported. As such, the product documentation and release notes are provided for informational purposes only, and will not be updated.

Configure the glide.oauth.state.parameter.required property to prevent your instance from cross-site request forgery (CSRF) attacks.

The glide.oauth.state.parameter.required property enables the State parameter to be required in an OAuth request for authorization code flow. The State parameter is a string value that should not contain special characters or be empty. Setting this property to true ensures that an attacker cannot perform Cross-site request forgery (CSRF) attacks during authentication, which protects your instance from attacks from an impersonated user.

More information

Search:


Attribute	Description
Configuration name	glide.oauth.state.parameter.required
Configuration type	System Properties (/sys_properties_list.do)
Data type	boolean
Recommended value	true
Default value	true
Category	Access control
Security risk	Severity score: 4.2 CVSS score: Medium Security risk details: Set this property to true to ensure that CSRF attacks are prevented.
Dependencies and prerequisites	None

Vancouver Platform security

Filters

Versions

Products