CSRF measures

Article ID: 132266

Updated On:

Products

CA API Developer Portal CA API Gateway

Issue/Introduction

Has API Portal 4.3.1 been implemented with CSRF measures?

Environment

Release:
Component: APIPRD

Resolution

The APIM application was tested for CSRF vulnerabilities, and a CSRF attack is not possible in APIM for the following reasons:

1) The application uses the PUT method for updating details in the portal, and applications that use PUT are not vulnerable to CSRF unless the CORS policy is misconfigured (a browser will not send a cross-origin PUT without a successful CORS preflight, and the APIM CORS policy is configured securely).

2) The application validates the header below and its value, and an HTML form cannot set this header value in a CSRF attack (forms are limited to application/x-www-form-urlencoded, multipart/form-data and text/plain):
Content-Type: application/json; charset=UTF-8
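As an added illustration (not CA/Broadcom code and not the APIM implementation), the following Python request filter models the two checks above: a state-changing request must carry a JSON Content-Type, and a cross-origin request must come from an allow-listed origin, together with the preflight response a correctly configured CORS policy would return. The origin allow-list and the sample origins are constructed values.

```python
"""Hypothetical CSRF request filter modelling the two checks described in
the article: (1) state-changing requests need a JSON Content-Type, which an
HTML form cannot produce, and (2) cross-origin requests must come from an
origin the CORS policy allows. Not the APIM implementation."""
from email.message import Message  # stdlib media-type parser

# Constructed allow-list: the portal's own origin plus any cross-origin
# callers the CORS policy permits.
ALLOWED_ORIGINS = {"https://portal.example.com"}
STATE_CHANGING = {"PUT", "POST", "PATCH", "DELETE"}


def media_type(content_type):
    """Return the bare media type, dropping parameters such as charset.
    A missing or malformed header yields 'text/plain', never JSON."""
    msg = Message()
    msg["Content-Type"] = content_type or ""
    return msg.get_content_type()


def allow_request(method, headers, allowed_origins=ALLOWED_ORIGINS):
    """Return (allowed, reason) for a request's method and header dict.
    Header names are matched case-insensitively."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if method.upper() not in STATE_CHANGING:
        return True, "read-only method"
    # Check 1: HTML forms can only send application/x-www-form-urlencoded,
    # multipart/form-data or text/plain; requiring JSON rejects all of them.
    if media_type(hdrs.get("content-type")) != "application/json":
        return False, "content-type is not application/json"
    # Check 2: browsers attach Origin to cross-origin requests and only send
    # a JSON PUT cross-origin after a CORS preflight; refuse unknown origins.
    origin = hdrs.get("origin")
    if origin is not None and origin not in allowed_origins:
        return False, f"origin {origin} not allowed"
    return True, "ok"


def preflight_headers(origin, allowed_origins=ALLOWED_ORIGINS):
    """CORS preflight (OPTIONS) response headers: only an allow-listed
    origin is granted PUT with a JSON body; any other origin gets no CORS
    headers, so the browser never sends the actual request."""
    if origin not in allowed_origins:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Methods": "PUT",
            "Access-Control-Allow-Headers": "Content-Type",
            "Vary": "Origin"}
```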