Empty Referrer sent for requestor error
On closing all the existing browser tabs, the application does not open in a tab of the same browser session.
(mgmt.util.CSRFUtil) ERROR xx.x.xx.xx|xx.xx.xx.xx - Empty Referrer sent for requestor:
Steps to Reproduce
- Open the Pega application in a browser.
- Close all the tabs on which the Pega application is running.
- Reopen the Pega application in the same browser session.
This behavior is as per Pega product design.
Here's the explanation for the reported behavior:
When the Cross-Site Request Forgery (CSRF) is enabled in Pega, the application shares a CSRF token embedded as part of the URL. When the URL is clicked, for the next request-, the previous URL is the referrer from where the request is initiated. Hence, if the Pega application is unable to find the CSRF token in the referrer header as per the functionality, the 403 error message displays.
0% found this useful