Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF), also known as an XSRF or a sea surf, is a web security attack in which an intruder tricks customers to perform certain malicious activities on their web applications where they are currently authenticated. When you enable the CSRF token check in the Pega Customer Service application Dev Studio, the system defends activities and streams from the CSRF attack.
Pega Customer Service
Implementation Guide
Pega Customer Service
Implementation Guide
CSRF Settings for chat-specific activities and streams
Enabling CSRF Settings prevents unwanted attacks on customer web applications. In the following use case, the system performs the CSRF check on all activities and streams except chat-specific activities and streams.
- In the header of Dev Studio, click .
- In the Cross-Site Request Forgery (CSRF) Settings section, select the Enable CSRF token check radio button.
- To exclude CSRF check on the chat-specific activities and streams, perform the
following tasks:
- In the Secure section, select All activities & streams.
- In the Allowed Activities field, enter the
following activities to exclude them from the CSRF check:
- SetChatParams
- GetCoBrowseConfigurations
- czInvokeRouting
- czUpdateConversationOnChatClosure
- In the Allowed Streams field, enter the ProcessChatAPI stream to exclude the stream from the CSRF check.
- In the Referrer Settings section, perform the following
steps:
- To enable referrer check, select the Enable referrer
check check box.
- In the Allowed referrers field, enter the
following URLs:
https://pegafpssdev.pg.comhttps://pegafpsschatdev.pg.com
Specifying allowed activities, streams, and referrer URLs in CSRF Settings 
- To enable referrer check, select the Enable referrer
check check box.
- To save the changes, click Submit.
Previous topic Web self-service Next topic Configuring a Unified Messaging chatbot