Getting cross site forgery attack error

Question

SowmyaP37

Member since 2021

5 posts

Amazon.com Inc

Posted: Jan 24, 2022

Last activity: Jan 24, 2022

Posted: 24 Jan 2022 8:14 EST
Last activity: 24 Jan 2022 9:34 EST

Closed

Getting cross site forgery attack error

Report

Hi,

We are facing cross site forgery attack for one of the user when the user is trying to open the assignment link from the email. When opened the link from the email, portal is not getting launched. observed "Cross Site Request Forgery attack detected and was blocked" exception in security logs.

Can anyone please help us how to proceed further in fixing this issue.

Thanks.

***Edited by Moderator Marije to change type from General to Product, added Product details and Capability tags****

To see attachments, please log in.

Pega Platform

User Experience

Security

Case Management

Other Industry

Like (0)
Share this page Facebook Twitter LinkedIn Email Copying... Copied!

Posted: 2 years ago

Posted: 24 Jan 2022 9:34 EST

MarijeSchillern

MOD

replied to SowmyaP37

Report

@SowmyaP37

SECU0008

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.

See the available documentation:

https://docs-previous.pega.com/pega-customer-service-implementation-guide/85/cross-site-request-forgery-csrf

https://docs-previous.pega.com/security/85/enabling-and-configuring-cross-site-request-forgery-settings

https://collaborate.pega.com/question/understanding-secu0008-alert

What is the exact content of the message? It's usually straightforward to map it to the Content Security Policy item to analyze.

--> You may want to check the URL you are using within the Email to check that the CSS, activities etc are all allowed.

When you are using "OpenAssignment" in pyMobileSnapStart, you must pass these 2 parameters correctly in the URL -

InsHandle - This is the pzInsKey of the assignment (Starts with something like ASSIGN-WORKLIST XYZ_FLOW)
InsClass - The class of the assignment (Starts with Assign-)

Construct these 2 parameters correctly and test.

See this discussion

@SowmyaP37

SECU0008

See the available documentation:

https://docs-previous.pega.com/pega-customer-service-implementation-guide/85/cross-site-request-forgery-csrf

https://docs-previous.pega.com/security/85/enabling-and-configuring-cross-site-request-forgery-settings

https://collaborate.pega.com/question/understanding-secu0008-alert

What is the exact content of the message? It's usually straightforward to map it to the Content Security Policy item to analyze.

--> You may want to check the URL you are using within the Email to check that the CSS, activities etc are all allowed.

When you are using "OpenAssignment" in pyMobileSnapStart, you must pass these 2 parameters correctly in the URL -

InsHandle - This is the pzInsKey of the assignment (Starts with something like ASSIGN-WORKLIST XYZ_FLOW)
InsClass - The class of the assignment (Starts with Assign-)

Construct these 2 parameters correctly and test.

See this discussion

https://collaborate.pega.com/question/open-case-url-email-body

https://collaborate.pega.com/question/how-address-security-alerts

https://collaborate.pega.com/question/user-should-be-able-launch-assignment-email

Show Less

To see attachments, please log in.

Like (0)

Question

Getting cross site forgery attack error

Need help or want to help others?

Experience the benefits of Support Center when you log in.

Question

Getting cross site forgery attack error

Related content:

Need help or want to help others?

Experience the benefits of Support Center when you log in.

We'd prefer it if you saw us at our best.