Problem with CSRF token
While uploading the document we are seeing the error message in logs as Empty CSRF token in the request .
2024-06-11 22:37:08,508 [.37.95.71-443-exec-5] [TABTHREAD0] [ ] [ ] ( mgmt.util.CSRFUtil) ERROR appl.test.se|XX.XX.XX.X HOPKWJ9FF70BTOA3VAOITHTR7Q9NG9SJOA - CSRF Mitigation - Empty CSRF token in the request made by the thread with name TABTHREAD0
we see the 403 error in browser console for the below request .
Request URL: https://appl.test.se/prweb/Applicant/app/LOA_/riPdw8Xf_Q2LR7tthACBpA*/!TABTHREAD0?pyActivity=pzRunActionWrapper&pzTransactionId=57204ce1a79fd12a8b7be3817e10e0c2&pzFromFrame=pyWorkPage&pzPrimaryPageName=pyWorkPage&AttachFieldReadOnly=&AttachFieldRequired=&Category=File&UITemplatingStatus=N&inStandardsMode=true&AJAXTrackID=1&pzHarnessID=HID83AEC5666D65D03046684F0AC4CC150F&pzActivity=pzDragDropMultiFileUpload&skipReturnResponse=true&pySubAction=runAct Request Method: POST Status Code: 403 Forbidden
Referrer Policy: strict-origin-when-cross-origin
We are using OOTB control (pzMultiFilePath) for uploading the document and couldn't see anything in tracer except the above log information .
While uploading the document we are seeing the error message in logs as Empty CSRF token in the request .
2024-06-11 22:37:08,508 [.37.95.71-443-exec-5] [TABTHREAD0] [ ] [ ] ( mgmt.util.CSRFUtil) ERROR appl.test.se|XX.XX.XX.X HOPKWJ9FF70BTOA3VAOITHTR7Q9NG9SJOA - CSRF Mitigation - Empty CSRF token in the request made by the thread with name TABTHREAD0
we see the 403 error in browser console for the below request .
Request URL: https://appl.test.se/prweb/Applicant/app/LOA_/riPdw8Xf_Q2LR7tthACBpA*/!TABTHREAD0?pyActivity=pzRunActionWrapper&pzTransactionId=57204ce1a79fd12a8b7be3817e10e0c2&pzFromFrame=pyWorkPage&pzPrimaryPageName=pyWorkPage&AttachFieldReadOnly=&AttachFieldRequired=&Category=File&UITemplatingStatus=N&inStandardsMode=true&AJAXTrackID=1&pzHarnessID=HID83AEC5666D65D03046684F0AC4CC150F&pzActivity=pzDragDropMultiFileUpload&skipReturnResponse=true&pySubAction=runAct Request Method: POST Status Code: 403 Forbidden
Referrer Policy: strict-origin-when-cross-origin
We are using OOTB control (pzMultiFilePath) for uploading the document and couldn't see anything in tracer except the above log information .
I think, Pega take care of the generating/sending the token in every client request but not sure how it's missing in document upload request .Is there way to check the how/where CSRF token is missing ?
Accepted Solution
Updated: 3 Jul 2024 6:00 EDT
Pegasystems Inc.
IN
@BRAHMESH@ - Can you verify the DSS setting for prconfig/cookie/HttpOnly/default is set to false or not?
Thank you.