Enabling cross-site request forgery support
You can enable cross-site request forgery (CSRF) settings for the system from the Cross-Site Request Forgery landing page. These settings help prevent attacks that might cause a user to perform unintended actions in the system, for example, unintentionally changing a password.
You can do several tasks on the CSRF landing page. For example, you can enable a CSRF token check and manage Referrer settings. CSRF tokens are unique tokens that are generated by a random number generator and assigned to Pega URLs. For information about performing these tasks, see Enabling and configuring Cross-Site Request Forgery settings.
- Enabling and configuring Cross-Site Request Forgery settings
Configure cross-site request forgery settings (CSRF) to prevent users from unintentionally making changes because of a CSRF attack. You can set validation for activities and streams, add host names to an allow list, and specify host names that you want checked for a CSRF token.