Enabling cross-site request forgery support

You can enable cross-site request forgery (CSRF) settings for the system from the Cross-Site Request Forgery landing page. These settings help prevent attacks that might cause a user to perform unintended actions in the system, for example, unintentionally changing a password.

You can do several tasks on the CSRF landing page. For example, you can enable a CSRF token check and manage Referrer settings. CSRF tokens are unique tokens that are generated by a random number generator and assigned to Pega URLs. For information about performing these tasks, see Enabling and configuring Cross-Site Request Forgery settings.

  • Enabling and configuring Cross-Site Request Forgery settings

    Configure cross-site request forgery (CSRF) settings to prevent users from unintentionally making changes because of a CSRF attack. You can set validation for activities and streams, add host names to an allow list, and specify host names that you want checked for a CSRF token.
