Protect Against CSRF Attacks
To help protect against Cross-Site Request Forgery (CSRF) attacks on social web services, App Studio can ensure that all requests are tokenized. That is, each request is provided with a randomized Appkit request token.
If it does not already exist, create a new file named csrf.conf and place it under
In that file, set the property enabled to true. This tokenizes the requests.
By default, the time-to-live of the Appkit request token is 60 minutes. You can change this by setting the property duration to some other value, in minutes; for example, duration: 30. Requests received without a request token, or with a request token that has expired, are rejected. A shorter duration narrows the window in which a captured token could be replayed, but a page left open for longer than the duration will submit an expired token and be rejected.
This configuration enables protection against CSRF attacks and sets the time-to-live of the request token to 30 minutes:
    enabled: true
    duration: 30
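To make the behaviour described above concrete, here is an added illustration (not Appkit or App Studio code) of what tokenized requests with a time-to-live mean in practice: a parser for a csrf.conf-style fragment with the two properties shown on this page, and a server-side token store that issues a random per-request token and rejects a request whose token is missing, unknown, already used, or older than the configured duration. The class and function names, the use of a 256-bit random token, and the one-time-use rule are assumptions of this example, not documented Appkit behaviour.

```python
import secrets
import time

# Default TTL stated on this page: 60 minutes.
DEFAULT_DURATION_MINUTES = 60


def parse_csrf_conf(text):
    """Parse 'key: value' lines as in the csrf.conf fragment above.

    Only the two properties the page documents are accepted; anything
    else is treated as a configuration error rather than ignored.
    """
    conf = {"enabled": False, "duration": DEFAULT_DURATION_MINUTES}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # allow trailing comments
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "enabled":
            conf["enabled"] = value.lower() == "true"
        elif key == "duration":
            conf["duration"] = int(value)  # minutes
        else:
            raise ValueError(f"unknown property: {key}")
    return conf


class RequestTokenStore:
    """Hypothetical server-side store of issued request tokens.

    `clock` is injectable so the expiry path can be exercised without
    waiting; production code would simply use time.time.
    """

    def __init__(self, duration_minutes, clock=time.time):
        self.ttl_seconds = duration_minutes * 60
        self.clock = clock
        self._issued = {}  # token -> issue time (seconds)

    def issue(self):
        # 32 random bytes: guessing a valid token is infeasible, so a
        # plain dictionary lookup is sufficient for validation.
        token = secrets.token_urlsafe(32)
        self._issued[token] = self.clock()
        return token

    def validate(self, token):
        """Return (accepted, reason). A token is consumed on first use,
        whether or not it turns out to be expired, so it cannot be replayed."""
        if not token:
            return False, "missing token"
        issued_at = self._issued.pop(token, None)
        if issued_at is None:
            return False, "unknown token"
        if self.clock() - issued_at > self.ttl_seconds:
            return False, "expired token"
        return True, "ok"


def check_request(conf, store, token):
    """Apply the configured policy to one incoming request's token.

    With enabled: false the request is accepted regardless of token,
    which is exactly the gap the csrf.conf setting closes.
    """
    if not conf["enabled"]:
        return True, "csrf protection disabled"
    return store.validate(token)


if __name__ == "__main__":
    # Constructed configuration matching the fragment on this page.
    conf = parse_csrf_conf("enabled: true\nduration: 30")
    now = [1_000_000.0]
    store = RequestTokenStore(conf["duration"], clock=lambda: now[0])

    token = store.issue()
    print("no token:", check_request(conf, store, ""))
    print("forged token:", check_request(conf, store, "not-issued-by-us"))
    now[0] += 30 * 60 + 1  # one second past the 30-minute TTL
    print("stale token:", check_request(conf, store, token))
    fresh = store.issue()
    print("fresh token:", check_request(conf, store, fresh))
    print("replayed token:", check_request(conf, store, fresh))
```

Running the script prints an accepted result only for the fresh token; the missing, forged, stale and replayed submissions are each rejected with the reason given.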