Asset Type ID | iscsrfguardconfig |
Substitution Values | |
Enabled isEnabled | Specifies whether CSRF guard is enabled in Integration Server. True specifies that CSRF guard is enabled. False specifies that CSRF is not enabled. This is the default. |
Excluded User Agents excludedUser Agents | A list of user agents for which Integration Server is not to apply CSRF guard. If CSRF guard is enabled, Integration Server requires that HTTP requests coming from user agents that are not specified as excluded must contain CSRF secure tokens. |
Landing Pages landingPages | A list of landing pages for the packages in your Integration Server. A landing page is the home page for a package. Integration Server does not check for CSRF secure tokens in the landing pages, but inserts a token for that page. Integration Server guards all further requests from these landing pages with CSRF secure tokens. |
Unprotected URLs unprotected URLs | The URLs for which Integration Server is not to check for CSRF secure tokens. If CSRF guard is enabled, Integration Server requires that the requests coming from all URLs that are not specified as unprotected must contain CSRF secure tokens. |
Denial Action denialAction | Action that you want Integration Server to perform when it detects that a request does not contain a CSRF secure token or contains an invalid CSRF secure token. Error specifies that you want Integration Server to throw an access denied error and terminate the request. This is the default. Redirect specifies that Integration Server is to redirect the user to a confirmation page or the home page of Integration Server Administrator. |