Enabling the CSRF settings protects customer web applications against cross-site request forgery (CSRF) attacks. In the following use case, the system performs the CSRF check on all activities and streams except chat-specific activities and streams.
- In the header of Dev Studio, click .
- In the Cross-Site Request Forgery (CSRF) Settings section, select the Enable CSRF token check radio button.
- To exclude CSRF check on the chat-specific activities and streams, perform the
  - In the Secure section, select All activities & streams.
  - In the Allowed Activities field, enter the following activities to exclude them from the CSRF check:
  - In the Allowed Streams field, enter the ProcessChatAPI stream to exclude the stream from the CSRF check.
- In the Referrer Settings section, perform the following
  - To enable referrer check, select the Enable referrer check check box.
  - In the Allowed referrers field, enter the
- To save the changes, click Submit.
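
The following added example (not Pega code, and not taken from the product) models the decision this configuration produces, to show what an exempt activity or stream still relies on. It assumes the referrer check applies to every request, including exempt ones, and that referrers are compared as exact origins; `ExampleChatActivity` and `https://app.example.com` are constructed placeholders.

```python
import hmac
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class CsrfPolicy:
    """Hypothetical model of the settings on this page."""
    token_check_enabled: bool = True
    allowed_activities: set = field(default_factory=set)  # exempt from token check
    allowed_streams: set = field(default_factory=set)     # exempt from token check
    referrer_check_enabled: bool = True
    allowed_referrers: set = field(default_factory=set)   # exact scheme://host[:port]


def origin_of(url):
    """Reduce a Referer value to scheme://host[:port]; None if absent or malformed."""
    parts = urlsplit(url or "")
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def evaluate(policy, kind, name, session_token, request_token, referer):
    """Return (allowed, reason) for a request to an activity or a stream."""
    # Assumption: the referrer check runs first and covers exempt entries too.
    if policy.referrer_check_enabled:
        if origin_of(referer) not in policy.allowed_referrers:
            return False, "referrer not allowed"
    if not policy.token_check_enabled:
        return True, "token check disabled"
    exempt = policy.allowed_activities if kind == "activity" else policy.allowed_streams
    if name in exempt:
        # Exempt entries carry no token protection; only the referrer check remains.
        return True, "exempt from token check"
    if request_token and hmac.compare_digest(session_token, request_token):
        return True, "token valid"
    return False, "missing or invalid CSRF token"


# Constructed sample policy: only ProcessChatAPI comes from the page.
SAMPLE_POLICY = CsrfPolicy(
    allowed_activities={"ExampleChatActivity"},
    allowed_streams={"ProcessChatAPI"},
    allowed_referrers={"https://app.example.com"},
)
```

Every name added to the allowed activities or streams is reachable without a token, so the referrer allow list is the only remaining control for those entries and should hold exact origins rather than prefixes.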