Cross-site request forgery (CSRF) is a web security vulnerability. An attacker exploits this vulnerability to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

CSRFGuard utility, a token-based method is implemented in Arbortext Publishing Engine to mitigate the risk of CSRF attacks.

You can find configuration of the CSRFGuard utility in csrfguard.properties file located at PE_HOME\e3\e3\WEB-INF.

The CSRFGuard is enabled by default and protects all pages of the Arbortext Publishing Engine administration application. Further configuration of the CSRFGuard is possible via the csrfguard.properties file which contains relevant instructions.

Protecting and unprotecting resources is achieved via a combination of updating the section E3 Configuration: Parameters as URI endpoints and the Unprotected Pages section. You can refer to the csrfguard.properties file for more detailed information.