Support Article
Empty Referrer sent for requestor error
SA-83505
Summary
On closing all the existing browser tabs, the application does not open in a tab of the same browser session.
Error Messages
(mgmt.util.CSRFUtil) ERROR xx.x.xx.xx|xx.xx.xx.xx - Empty Referrer sent for requestor:
Steps to Reproduce
- Open the Pega application in a browser.
- Close all the tabs on which the Pega application is running.
- Reopen the Pega application in the same browser session.
Root Cause
This behavior is as per Pega product design.
Resolution
Here's the explanation for the reported behavior:
When the Cross-Site Request Forgery (CSRF) is enabled in Pega, the application shares a CSRF token embedded as part of the URL. When the URL is clicked, for the next request-, the previous URL is the referrer from where the request is initiated. Hence, if the Pega application is unable to find the CSRF token in the referrer header as per the functionality, the 403 error message displays.
Tags:
Published August 19, 2019 - Updated December 2, 2021
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.