Jump to content
The ibi Community has moved to a new platform: Please Sign In and choose Forgot Password to continue

What is "IBI_CSRF_REFERER_MATCH_DOMAIN"?


Asuka Tsuda

Recommended Posts

I found "IBI_CSRF_REFERER_MATCH_DOMAIN" in event.log in WebFOCUS 9.0.4.

[2023-08-29 00:00:59,505] INFO [com.ibi.monitor.WFContextListener:ApplicationValues] - Application config parameter: IBI_CSRF_REFERER_MATCH_DOMAIN (WFConfigVarList), value=TRUE

What does this parameter mean?

Link to comment
Share on other sites

Thanks for the quick response.

I looked at THE SECURITY MANUAL and found a description of the following settings, but no mention of "IBI_CSRF_REFERER_MATCH_DOMAIN".

・IBI_CSRF_ENFORCE

・IBI_CSRF_TOKEN_NAME

・IBI_CSRF_ALLOW_LEGACY

I know Cross-site request forgery.

What is the effect of enabling "IBI_CSRF_REFERERER_MATCH_DOMAIN"?

What is the difference between the above three settings?

In addition, is there a way to disable it?

Best regards,

Asuka Tsuda

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
  • Create New...