Enabling CSRF Settings prevents unwanted attacks on customer web applications. In the following use case, the system performs the CSRF check on all activities and streams except chat-specific activities and streams.

1. In the header of Dev Studio, click ConfigureSystemSettingsCross-Site Request Forgery.
   Result: The system opens the Cross-Site Request Forgery page.
2. In the Cross-Site Request Forgery (CSRF) Settings section, select the Enable CSRF token check radio button.
   Result: The system displays the Secure section with the following two options:

   • All activities & streams: Secures all activities and streams except the specified activities.
   • Specific activities & streams: Secures only specific activities and streams and allows the rest.

   Note: Enabling the CSRF check doesn’t allow the chatbot to load on a web page.
3. To exclude CSRF check on the chat-specific activities and streams, perform the following tasks:
   1. In the Secure section, select All activities & streams.
   2. In the Allowed Activities field, enter the following activities to exclude them from the CSRF check:
      • SetChatParams
      • GetCoBrowseConfigurations
      • czInvokeRouting
      • czUpdateConversationOnChatClosure

   3. In the Allowed Streams field, enter the ProcessChatAPI stream to exclude the stream from the CSRF check.
4. In the Referrer Settings section, perform the following steps:
   1. To enable referrer check, select the Enable referrer check check box.
      Note:

      • When you select the Enable referrer check option, the system white lists the specified referrer URLs from the CSRF check.
   2. In the Allowed referrers field, enter the following URLs:
      • https://pegafpssdev.pg.com
      • https://pegafpsschatdev.pg.com

      

      

5. To save the changes, click Submit.