We are having an issue with file upload in pega portal as it's giving 403 error .

one of the server is configured with opswat metadefender api for sanitizing the documents that are being uploaded by customer in Pega ,Recently Opswat was upgraded to latest version, after upgrade we are not able to upload the documents as pega is getting the 403 error from server and we see the document was uploaded into ServiceExportDirectory but not able to read the document from the folder and invoke the pyuploadfile activity to form dragDropFileUpload page list. we use OOTB control pzMultiFilePath for uploading the documents.

We tried to disable the security check as well by making the pyBlockUnregisteredRequests when rule as false but still problem is persist .

The log from browser console :

Request URL: https://appl.test.se/prweb/Applicant/app/LOA_/riPdw8Xf_Q2LR7tthACBpA*/!TABTHREAD0?pyActivity=pzRunActionWrapper&pzTransactionId=57204ce1a79fd12a8b7be3817e10e0c2&pzFromFrame=pyWorkPage&pzPrimaryPageName=pyWorkPage&AttachFieldReadOnly=&AttachFieldRequired=&Category=File&UITemplatingStatus=N&inStandardsMode=true&AJAXTrackID=1&pzHarnessID=HID83AEC5666D65D03046684F0AC4CC150F&pzActivity=pzDragDropMultiFileUpload&skipReturnResponse=true&pySubAction=runAct Request Method: POST Status Code: 403 Forbidden

Referrer Policy: strict-origin-when-cross-origin  

Pega Rules Log :-At the same time we see the following exception in pega logs related to CSRF token.

2024-06-11 22:37:08,508 [.37.95.71-443-exec-5] [TABTHREAD0] [                    ] [                    ] (            mgmt.util.CSRFUtil) ERROR appl.test.se|XX.XX.XX.X HOPKWJ9FF70BTOA3VAOITHTR7Q9NG9SJOA  - CSRF Mitigation - Empty CSRF token in the request made by the thread with name TABTHREAD0.

Any lead how to proceed further to identify the issue .