Enforce OAuth state parameter validation

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • Configure the glide.oauth.state.parameter.required property to protect your instance from cross-site request forgery (CSRF) attacks.

    The glide.oauth.state.parameter.required property makes the State parameter mandatory in OAuth requests that use the authorization code flow. The State parameter is a string value that should not contain special characters or be empty. Setting this property to true ensures that an attacker cannot perform cross-site request forgery (CSRF) attacks during authentication, which protects your instance from attacks from an impersonated user.

    More information

    Attribute                     | Description
    Configuration name            | glide.oauth.state.parameter.required
    Configuration type            | System Properties (/sys_properties_list.do)
    Data type                     | Boolean
    Recommended value             | true
    Default value                 | true
    Category                      | Access control
    Security risk                 | • Severity score: 4.2
                                  | • CVSS score: Medium
                                  | • Security risk details: Set this property to true to ensure that CSRF attacks are prevented.
    Dependencies and prerequisites | None
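
The sketch below is an added example, not ServiceNow code. It shows the State parameter across one authorization code flow: the client binds a random value to the session, the server rejects requests where it is missing, empty, or malformed, and the client accepts the callback only on a match. The function names, the example.test URLs, and the reading of "no special characters" as letters, digits, hyphen, and underscore are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumption: "no special characters" is modelled as this character set.
const STATE_PATTERN = /^[A-Za-z0-9_-]+$/;

// Client, step 1: create an unguessable state and bind it to the user's session.
function beginAuthorization(session, authorizeUrl, clientId, redirectUri) {
  const state = crypto.randomBytes(32).toString('hex');
  session.oauthState = state;
  const url = new URL(authorizeUrl);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri, state,
  }).toString();
  return url.toString();
}

// Server side: what "state is required" means for an incoming authorization request.
function checkAuthorizationRequest(requestUrl) {
  const state = new URL(requestUrl).searchParams.get('state');
  if (state === null || state === '') {
    return { ok: false, reason: 'state missing or empty' };
  }
  if (!STATE_PATTERN.test(state)) {
    return { ok: false, reason: 'state has disallowed characters' };
  }
  return { ok: true, state };
}

// Client, step 2: accept the callback only if its state matches the session value.
function handleCallback(session, callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  const expected = session.oauthState;
  delete session.oauthState; // single use: a replayed callback finds nothing to match
  const returned = params.get('state') || '';
  if (!expected || !returned) return { ok: false, reason: 'no state to compare' };
  const a = Buffer.from(expected);
  const b = Buffer.from(returned);
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    return { ok: false, reason: 'state mismatch' };
  }
  return { ok: true, code: params.get('code') };
}
```

A callback that arrives in a session that never started the flow, or that carries a state value from a different session, is rejected before the authorization code is used.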