HTTP CSRF protection

This topic addresses Cross site request forgery(CSRF), which is a class of attack that forces an end user to execute unwanted actions on an application when the user is authenticated. The Digital.ai Deploy frontend uses endpoints protected with CSRF .

New public endpoints starting from /xldeploy is protected with CSRF. The UI uses these endpoints, starting from the 9.6 release.

The previous endpoints starting from /deployit are still in use.

For example,

Protected with CSRF:

xldeploy/maintenance/stop

Not protected with CSRF:

deployit/maintenance/stop

note

All XLD plugins and CLI are still using the not protected endpoints.