CSRF Settings for chat-specific activities and streams
Enabling CSRF Settings prevents unwanted attacks on customer web applications. In the following use case, the system performs the CSRF check on all activities and streams except chat-specific activities and streams.
Pega Customer Service
Implementation Guide
- In the header of Dev Studio, click .
Result: The system opens the Cross-Site Request Forgery page. - In the Cross-Site Request Forgery (CSRF) Settings section,
select the Enable CSRF token check radio button.
Result: The system displays the Secure section with the following two options: - All activities & streams: Secures all activities and streams except the specified activities.
- Specific activities & streams: Secures only specific activities and streams and allows the rest.
Note: Enabling the CSRF check doesn’t allow the chatbot to load on a web page. - To exclude CSRF check on the chat-specific activities and streams, perform the
following tasks:
- In the Secure section, select All activities & streams.
- In the Allowed Activities field, enter the
following activities to exclude them from the CSRF check:
- SetChatParams
- GetCoBrowseConfigurations
- czInvokeRouting
- czUpdateConversationOnChatClosure
- ToasterPopForChat
- In the Allowed Streams field, enter the ProcessChatAPI stream to exclude the stream from the CSRF check.
- In the Referrer Settings section, perform the following
steps:
- To enable referrer check, select the Enable referrer
check check box.
Note: - When you select the Enable referrer check option, the system white lists the specified referrer URLs from the CSRF check.
- In the Allowed referrers field, enter the
following URLs:
https://pegafpssdev.pg.com
https://pegafpsschatdev.pg.com
- To enable referrer check, select the Enable referrer
check check box.
- To save the changes, click Submit.
Previous topic Cross-Site Request Forgery (CSRF) Next topic Messaging attachments