Question

1
Replies
551
Views
 Joseph D'amore (DAMOREJ1)
Rulesware LLC
LSA
Rulesware LLC
CA
DAMOREJ1 Member since 2007 10 posts
Rulesware LLC
Posted: March 12, 2018
Last activity: March 13, 2018
Posted: 12 Mar 2018 14:59 EDT
Last activity: 13 Mar 2018 7:31 EDT
Closed
Solved

Empty CSRF Token

We are in the process of turning on CSRF mitigation using the following DSS settings: security/csrf/mitigation = true , security/csrf/secureall = true

When reviewing the application html source, it looks like the CSRF token is not being populated. Here is a snippet of html code from the application:

"pega.d" : { "pyUID": "gdamore", "csrfToken": "",

System Administration
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.

Accepted Solution

Posted: 3 years ago
Posted: 12 Mar 2018 16:56 EDT
Joseph D'amore (DAMOREJ1)
Rulesware LLC
LSA
Rulesware LLC
CA

After further investigation, we discovered that the owning ruleset was incorrect. Once we changed it to "Pega-Engine" , the token values started being generated.