Enabling the CSRF settings protects customer web applications against cross-site request forgery attacks, in which a victim's browser is tricked into submitting a request with the victim's credentials. In the following use case, the system performs the CSRF check on all activities and streams except the chat-specific activities and streams, so that the chatbot can still load on a web page.
- In the header of Dev Studio, click .
Result: The system opens the Cross-Site Request Forgery page.
- In the Cross-Site Request Forgery (CSRF) Settings section, select the Enable CSRF token check radio button.
Result: The system displays the Secure section with the following two options:
- All activities & streams: Secures all activities and streams except the ones you list as allowed.
- Specific activities & streams: Secures only the activities and streams you list and allows all others.
Note: With the CSRF check enabled, the chatbot cannot load on a web page unless the chat-specific activities and streams are excluded from the check, as described in the next step.
- To exclude the chat-specific activities and streams from the CSRF check, perform the following steps:
- In the Secure section, select All activities & streams.
- In the Allowed Activities field, enter the following activities to exclude them from the CSRF check:
- In the Allowed Streams field, enter ProcessChatAPI to exclude that stream from the CSRF check.
- In the Referrer Settings section, perform the following steps:
- To enable the referrer check, select the Enable referrer check check box.
- When the Enable referrer check option is selected, the system treats requests whose Referer header matches one of the specified referrer URLs as trusted and exempts them from the CSRF check. Matching is done on the referrer URL, so list only origins you control.
- In the Allowed referrers field, enter the
- To save the changes, click Submit.
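The policy the steps above configure (token check on every activity and stream except an exemption list, with an optional referrer allow list) can be modelled in a few lines. The block below is an added example written for this page; it is not Pega's implementation and does not call any Pega API. The activity name `ExampleChatActivity`, the referrer `https://chat.example.com/` and the request shapes are assumptions; the stream name `ProcessChatAPI` and the "all" versus "specific" modes come from the page. Note in particular that the referrer comparison is done on the parsed origin (scheme, host, port), not on a string prefix, so `https://chat.example.com.evil.net/` does not match an allowed `https://chat.example.com/`.

```python
"""Model of a CSRF check policy: token check on activities/streams with an
allow list, plus an optional referrer allow list. Example code, not Pega's."""
import hmac
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class CsrfSettings:
    enabled: bool = True
    # "all": protect everything except the listed names (Allowed Activities/Streams).
    # "specific": protect only the listed names and allow the rest.
    secure_mode: str = "all"
    listed_activities: FrozenSet[str] = frozenset()
    listed_streams: FrozenSet[str] = frozenset()
    referrer_check: bool = False
    allowed_referrers: FrozenSet[str] = frozenset()  # URLs, compared by origin


@dataclass(frozen=True)
class Request:
    kind: str                        # "activity" or "stream"
    name: str
    session_token: str               # token the server issued for this session
    submitted_token: Optional[str]   # token echoed back by the client, if any
    referer: Optional[str] = None    # value of the Referer header, if any


def origin(url: str) -> Optional[str]:
    """Reduce a URL to scheme://host[:port] (lower-cased); None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.lower()
    default = 80 if parts.scheme == "http" else 443
    if port is None or port == default:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def is_protected(settings: CsrfSettings, req: Request) -> bool:
    """Decide whether this request is subject to the token check at all."""
    listed = settings.listed_activities if req.kind == "activity" else settings.listed_streams
    if settings.secure_mode == "all":
        return req.name not in listed     # everything except the exempt names
    if settings.secure_mode == "specific":
        return req.name in listed         # only the explicitly listed names
    raise ValueError(f"unknown secure_mode {settings.secure_mode!r}")


def referrer_allowed(settings: CsrfSettings, req: Request) -> bool:
    """True only if the referrer check is on and the Referer origin is listed."""
    if not settings.referrer_check or req.referer is None:
        return False
    ref = origin(req.referer)
    allowed = {o for o in map(origin, settings.allowed_referrers) if o}
    return ref is not None and ref in allowed


def check(settings: CsrfSettings, req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason) for one request under the given settings."""
    if not settings.enabled:
        return True, "csrf check disabled"
    if not is_protected(settings, req):
        return True, f"{req.kind} {req.name} is excluded from the check"
    if referrer_allowed(settings, req):
        return True, "referrer origin on allow list"
    # Constant-time comparison so token validation does not leak timing.
    if req.submitted_token and hmac.compare_digest(req.submitted_token, req.session_token):
        return True, "token valid"
    return False, "missing or invalid CSRF token"


# Constructed settings mirroring the page's use case (activity name is assumed).
CHAT_SETTINGS = CsrfSettings(
    secure_mode="all",
    listed_activities=frozenset({"ExampleChatActivity"}),
    listed_streams=frozenset({"ProcessChatAPI"}),
    referrer_check=True,
    allowed_referrers=frozenset({"https://chat.example.com/"}),
)

if __name__ == "__main__":
    tok = "s3cr3t-session-token"
    for r in (
        Request("stream", "ProcessChatAPI", tok, None),
        Request("activity", "UpdateProfile", tok, None),
        Request("activity", "UpdateProfile", tok, tok),
        Request("activity", "UpdateProfile", tok, None, "https://chat.example.com/widget"),
        Request("activity", "UpdateProfile", tok, None, "https://chat.example.com.evil.net/widget"),
    ):
        print(r.kind, r.name, check(CHAT_SETTINGS, r))
```

The `ProcessChatAPI` stream passes without a token because it is on the exemption list, while an unlisted activity needs either a valid token or a Referer whose origin is on the allow list. Switching `secure_mode` to `"specific"` inverts the meaning of the lists, which is the second option the Secure section offers.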