Has API Portal 4.3.1 been implemented with CSRF measures?
Environment
Release: Component: APIPRD
Resolution
The APIM application was tested for CSRF vulnerability, and a CSRF attack is not possible in APIM for the following reasons:
1) The application uses the PUT method for updating details in the portal, and applications using the PUT method are not vulnerable to CSRF (unless the CORS policy is misconfigured; the APIM CORS policy is configured securely).
2) The application validates the header below and its value, and HTML forms cannot set this header value in a CSRF attack: Content-Type: application/json; charset=UTF-8
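The two reasons above expressed as a server-side check, as an added example that is not CA API Portal code. The function names, the status codes returned and the lowercase header map are assumptions made for illustration, and the check compares only the media type, not the charset parameter.

```javascript
// Added example; names are hypothetical, sample requests are constructed.

// The only methods and enctype values an HTML <form> can produce.
const FORM_METHODS = new Set(["GET", "POST"]);
const FORM_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Media type without parameters, lowercased ("" when the header is absent).
function mediaType(contentType) {
  return (contentType || "").split(";")[0].trim().toLowerCase();
}

// True when a plain HTML form on another origin could emit this request.
function formCanSend(method, contentType) {
  const m = String(method).toUpperCase();
  if (!FORM_METHODS.has(m)) return false;
  if (m === "GET") return true; // GET forms carry no body
  return FORM_TYPES.has(mediaType(contentType));
}

// Gate for update requests: PUT only, JSON Content-Type only.
// Assumes header names are already lowercased (as Node's http module does).
function checkUpdateRequest(method, headers) {
  if (String(method).toUpperCase() !== "PUT") return 405;
  if (mediaType(headers["content-type"]) !== "application/json") return 415;
  return 200;
}

// Constructed samples: a legitimate portal update and two form-style requests.
const samples = [
  ["PUT", { "content-type": "application/json; charset=UTF-8" }],
  ["POST", { "content-type": "text/plain" }], // JSON smuggled in a text/plain form
  ["PUT", { "content-type": "application/x-www-form-urlencoded" }],
];
for (const [method, headers] of samples) {
  const ct = headers["content-type"];
  console.log(method, ct, "form-sendable:", formCanSend(method, ct),
    "status:", checkUpdateRequest(method, headers));
}
```

A cross-origin script could still attempt the PUT with a JSON body via fetch, but the browser sends a CORS preflight first, which is why the first reason depends on the CORS policy being configured securely.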