Skip to main content

Question

1
Replies
82
Views
 Sowmya Patllola (SowmyaP37) Amazon.com Inc
Amazon.com Inc
IN
SowmyaP37 Member since 2021 5 posts
Amazon.com Inc
Posted: January 24, 2022
Last activity: January 24, 2022
Posted: 24 Jan 2022 8:14 EST
Last activity: 24 Jan 2022 9:34 EST

Getting cross site forgery attack error

Report

Hi, 

We are facing cross site forgery attack for one of the user when the user is trying to open the assignment link from the email. When opened the link from the email, portal is not getting launched. observed "Cross Site Request Forgery attack detected and was blocked" exception in security logs.

Can anyone please help us how to proceed further in fixing this issue.

Thanks.

 

***Edited by Moderator Marije to change type from General to Product, added Product details and Capability tags****
Pega Platform User Experience Security Case Management Other Industry
Reply
Posted: 10 months ago
Posted: 24 Jan 2022 9:34 EST
Marije Schillern (MarijeSchillern) MOD Senior Knowledge Management Specialist
Pegasystems Inc.
GB
Report

@SowmyaP37  

SECU0008

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.

See the available documentation:

https://docs-previous.pega.com/pega-customer-service-implementation-guide/85/cross-site-request-forgery-csrf

https://docs-previous.pega.com/security/85/enabling-and-configuring-cross-site-request-forgery-settings

https://collaborate.pega.com/question/understanding-secu0008-alert

What is the exact content of the message? It's usually straightforward to map it to the Content Security Policy item to analyze.

--> You may want to check the URL you are using within the Email to check that the CSS, activities etc are all allowed. 

 When you are using "OpenAssignment" in pyMobileSnapStart, you must pass these 2 parameters correctly in the URL -

  • InsHandle - This is the pzInsKey of the assignment (Starts with something like ASSIGN-WORKLIST XYZ_FLOW)
  • InsClass - The class of the assignment (Starts with Assign-)

Construct these 2 parameters correctly and test.

See this discussion

Show More

@SowmyaP37  

SECU0008

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.

See the available documentation:

https://docs-previous.pega.com/pega-customer-service-implementation-guide/85/cross-site-request-forgery-csrf

https://docs-previous.pega.com/security/85/enabling-and-configuring-cross-site-request-forgery-settings

https://collaborate.pega.com/question/understanding-secu0008-alert

What is the exact content of the message? It's usually straightforward to map it to the Content Security Policy item to analyze.

--> You may want to check the URL you are using within the Email to check that the CSS, activities etc are all allowed. 

 When you are using "OpenAssignment" in pyMobileSnapStart, you must pass these 2 parameters correctly in the URL -

  • InsHandle - This is the pzInsKey of the assignment (Starts with something like ASSIGN-WORKLIST XYZ_FLOW)
  • InsClass - The class of the assignment (Starts with Assign-)

Construct these 2 parameters correctly and test.

See this discussion

https://collaborate.pega.com/question/open-case-url-email-body

https://collaborate.pega.com/question/how-address-security-alerts

https://collaborate.pega.com/question/user-should-be-able-launch-assignment-email

 

 

Show Less
Reply

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice