Configuration of OWASP CSRFGuard Utility

Release 8.2.0.0 > Updates in Release 8.2.0.0 > Configuration of OWASP CSRFGuard Utility

In Arbortext Publishing Engine 8.2.0.0, OWASP CSRFGuard utility is integrated to prevent cross-site request forgery (CSRF) attacks.

CSRF is a web security vulnerability. An attacker exploits this vulnerability to induce users to perform unwanted actions on a trusted site.

To mitigate CSRF vulnerability, Arbortext Publishing Engine 8.2.0.0 implements CSRFGuard utility which is a token-based mitigation method.

You can find configuration of the CSRFGuard utility in Arbortext Publishing EnginePE_HOME\e3\e3\WEB-INF\csrfguard.properties file.

The CSRFGuard is enabled by default and protects all pages. To ensure that it does not block Arbortext Publishing Engine URLs, you must add following parameter to Java 9 Options in Apache Tomcat Properties:

--add-opens=java.base/java.util.regex=ALL-UNNAMED

For more information, see the Configuring CSRFGuard Utility and Installing Tomcat topics.