Version: Deploy 23.3

HTTP CSRF protection

This topic addresses cross-site request forgery (CSRF), a class of attack that forces an end user to execute unwanted actions on an application while the user is authenticated. The Digital.ai Deploy frontend uses endpoints that are protected against CSRF.

New public endpoints starting with /xldeploy are protected against CSRF. The UI has used these endpoints since the 9.6 release.

The previous endpoints starting with /deployit are still in use.

For example:

Protected with CSRF:

xldeploy/maintenance/stop

Not protected with CSRF:

deployit/maintenance/stop

Note: All XLD plugins and the CLI still use the unprotected endpoints.
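
Because the UI uses /xldeploy while plugins and the CLI stay on /deployit, a state-changing request to a /deployit endpoint that carries a browser Referer is worth reviewing. The following audit is an added example, not Digital.ai code; it assumes a reverse proxy writing combined-format access logs, Deploy served at the site root, and non-browser clients sending no Referer. The host name and log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Prefixes as stated on this page; assumes Deploy is served at the site root.
PROTECTED_PREFIX, LEGACY_PREFIX = "/xldeploy/", "/deployit/"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Assumption: the proxy in front of Deploy writes "combined" access-log lines.
LINE_RE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(target):
    """Map a request target to the CSRF status this page gives its prefix."""
    path = urlsplit(target).path
    if path.startswith(PROTECTED_PREFIX):
        return "csrf-protected"
    if path.startswith(LEGACY_PREFIX):
        return "legacy-unprotected"
    return "other"

def audit(lines, trusted_host):
    """Return state-changing legacy-endpoint requests that came from a browser page."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] not in STATE_CHANGING:
            continue
        if classify(m["target"]) != "legacy-unprotected":
            continue
        if m["referer"] in ("", "-"):
            continue  # no Referer: consistent with CLI/plugin traffic (assumption)
        same_site = urlsplit(m["referer"]).hostname == trusted_host
        reason = "same-site browser" if same_site else "cross-site browser"
        findings.append((m["user"], m["method"], urlsplit(m["target"]).path, reason))
    return findings

# Constructed sample lines; the POST method and all hosts and users are illustrative.
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Mar/2024:10:00:01 +0000] "POST /xldeploy/maintenance/stop HTTP/1.1" 200 0 "https://deploy.example.internal/" "Mozilla/5.0"',
    '10.0.0.9 - svc-cli [12/Mar/2024:10:02:13 +0000] "POST /deployit/maintenance/stop HTTP/1.1" 200 0 "-" "cli-client"',
    '10.0.0.7 - bob [12/Mar/2024:10:05:44 +0000] "POST /deployit/maintenance/stop HTTP/1.1" 200 0 "https://forum.example.org/thread/42" "Mozilla/5.0"',
    '10.0.0.8 - carol [12/Mar/2024:10:07:02 +0000] "POST /deployit/maintenance/stop HTTP/1.1" 200 0 "https://deploy.example.internal/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, "deploy.example.internal"):
        print(finding)
```

A cross-site finding is the stronger signal; a same-site finding points at a browser-side integration still calling the legacy prefix.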