Empty CSRF Token
We are in the process of turning on CSRF mitigation using the following DSS settings: security/csrf/mitigation = true , security/csrf/secureall = true
When reviewing the application html source, it looks like the CSRF token is not being populated. Here is a snippet of html code from the application:
"pega.d" : { "pyUID": "gdamore", "csrfToken": "",
Accepted Solution
Posted: 2 years ago
After further investigation, we discovered that the owning ruleset was incorrect. Once we changed it to "Pega-Engine" , the token values started being generated.