Has API Portal 4.3.1 been implemented with CSRF measures?
Release: Component: APIPRD
The APIM Application was tested for CSRF Vulnerability and CSRF attack is not possible in APIM because of following reasons
1)The Application uses PUT Method for updating details in the portal and applications using PUT method is not vulnerable to CSRF (unless CORS Policy is Misconfigured,APIM CORS Policy is configured securely)
2)The Application validates the below header and its value and HTML Forms can not set this header value in CSRF Attack Content-Type: application/json; charset=UTF-8