Posted: March 12, 2018
Last activity: March 13, 2018
Closed
Solved
Empty CSRF Token
We are in the process of turning on CSRF mitigation using the following DSS settings: security/csrf/mitigation = true, security/csrf/secureall = true.
When reviewing the application HTML source, it looks like the CSRF token is not being populated. Here is a snippet of HTML code from the application:
"pega.d" : { "pyUID": "gdamore", "csrfToken": "",
After further investigation, we discovered that the owning ruleset was incorrect. Once we changed it to "Pega-Engine", the token values started being generated.
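
A check for the symptom described in this post, as an added example that is not part of the original post and not Pega's own code: it scans saved page source for the csrfToken field shown in the snippet above and reports whether it is missing, empty or populated. The sample pages, the page names and the placeholder token value are constructed for illustration.

```python
import json
import re

# Matches "csrfToken": "<JSON string>" as it appears in the inline pega.d object.
_TOKEN_RE = re.compile(r'"csrfToken"\s*:\s*("(?:[^"\\]|\\.)*")')


def find_csrf_tokens(html):
    """Return every csrfToken value found in the page source, JSON-decoded."""
    return [json.loads(raw) for raw in _TOKEN_RE.findall(html)]


def check_page(html):
    """Classify one page: 'missing' (no field), 'empty' (blank value) or 'ok'."""
    tokens = find_csrf_tokens(html)
    if not tokens:
        return "missing"
    if any(not token.strip() for token in tokens):
        return "empty"
    return "ok"


def failing_pages(pages):
    """Given {page name: html}, return {page name: status} for pages that are not 'ok'."""
    results = {name: check_page(html) for name, html in pages.items()}
    return {name: status for name, status in results.items() if status != "ok"}


# Constructed sample input. The first entry reproduces the snippet from the post;
# the token in the second is a placeholder, not a real value.
SAMPLE_PAGES = {
    "before-fix": '"pega.d" : { "pyUID": "gdamore", "csrfToken": "",',
    "after-fix": '"pega.d" : { "pyUID": "gdamore", "csrfToken": "PLACEHOLDER-TOKEN",',
    "no-field": '"pega.d" : { "pyUID": "gdamore",',
}

if __name__ == "__main__":
    for name, status in failing_pages(SAMPLE_PAGES).items():
        print(f"{name}: csrfToken is {status}")
```

Run it against page source saved after changing the DSS settings; any page reported as empty or missing still shows the symptom from the post.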