Closed
SECU0008 - Cross Site Request Forgery
I have received the SECU008 on the PEGA environments. I created the DSS for the alert but it is not working SECU008 alert is continuously triggering.
DSS Details: Pega-Engine.prconfig/security/urlaccessmode
Value: allow
Alert Details: Cross Site Request Forgery attack detected and was blocked. First Activity and Last Step are from the previous request, See ParameterPage below for the request that triggered this alert : URLAccessDetail CSRFAttack Invalid harness ID .......................... Please help me solve the issue.
***Edited by Moderator Marije to add Capability tags***
To see attachments, please log in.
Posted: 1 year ago
PEGA
Pegasystems Inc.
CA
Can you please check this?
- Beginning with Pega Platform 7.2, this setting is the default. Effective CSRF protection is achieved by using dynamic system settings, which are documented in Enabling and configuring Cross-Site Request Forgery settings .
- The application can use dynamic system settings to mitigate CSRF attacks. If this alert is shown, it should be investigated.
As instructed on 2nd step, if the alerts are shown after making the changes, then it should be investigated with the necessary infra teams.
I hope this helps!
Thanks,