Question

6
Replies
388
Views
HenryA80 Member since 2015 53 posts
Veteran Careers First
Posted: January 6, 2020
Last activity: January 7, 2020

CSRF Protection

Our cybersecurity team scanned our PEGA 7.2.2 Dev environment. The results show a medium vulnerability for ‘HTML form without CSRF protection’. After reading the PDN article, PEGA recommends implementing the following settings.

  • security/csrf/secureall
  • security/csrf/mitigation
  • XML/AllowDocTypes

After adding these settings and restarting server, our cybersecurity team performed another scan. However, the results were the same. Can anyone help us understand how to remedy the issue…

PEGA Articles:

***Moderator Edit-Vidyaranjan: Updated SR details***

Security SR Created
Share this page LinkedIn