Enable Anti-CSRF Token for Userpref
Use a system property to ensure CSRF (Cross-Site Request Forgery) protection is enforced when setting user preferences.
Use the glide.security.userpref_csrf_check.enable system property to enforce CSRF (Cross-Site Request Forgery) protection when setting user preferences to the User Preference Definitions [sys_user_preference_definition] table via URI parameters. If the property isn't set to the recommended value of true, the CSRF token required flag set on individual preferences is overridden, and preferences can be set via URI parameters without a CSRF token.
Ensure the glide.security.userpref_csrf_check.enable system property is set to true.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.security.userpref_csrf_check.enable |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Boolean |
| Recommended value | true |
| Default value | true |
| Fallback value | false |
| Category | Architecture, design, and threat modeling |
| Security risk | |
| Functional Impact | Users or integrations that previously set certain preferences via URL parameters without a CSRF token may now fail if those preferences require a token. |
| Dependencies and prerequisites | None |
| References | |
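
The following audit check is an added example, not ServiceNow code. It evaluates the property from an exported list of sys_properties records and applies the fallback value from the table above when no record exists. The JSON shape (`result` list with `name` and `value` fields), the sample records, treating the fallback as the value in effect when the record is absent, and flagging duplicate or non-boolean values as failures are assumptions of this example.

```python
import json

PROP = "glide.security.userpref_csrf_check.enable"
RECOMMENDED = True
FALLBACK = False  # from the table; assumed to apply when no record exists

# Constructed sample export (assumed shape: {"result": [{"name", "value"}, ...]})
SAMPLE_EXPORT = json.dumps({"result": [
    {"name": "example.unrelated.property", "value": "30"},
    {"name": PROP, "value": "false"},
]})


def parse_bool(raw):
    """Map a property string to a bool; None if it is not a clean boolean."""
    text = (raw or "").strip().lower()
    if text == "true":
        return True
    if text == "false":
        return False
    return None


def audit(export_json):
    """Return (compliant, reason) for the user-preference CSRF property."""
    records = json.loads(export_json).get("result", [])
    values = [r.get("value") for r in records if r.get("name") == PROP]
    if not values:
        # No record: the fallback value decides, and it is not the recommended one.
        return (FALLBACK == RECOMMENDED,
                f"{PROP} not present; fallback value {str(FALLBACK).lower()} applies")
    if len(values) > 1:
        # Assumption: duplicates are flagged for manual review rather than resolved.
        return (False, f"{PROP} defined {len(values)} times; review manually")
    effective = parse_bool(values[0])
    if effective is None:
        return (False, f"{PROP} has non-boolean value {values[0]!r}")
    if effective != RECOMMENDED:
        return (False, f"{PROP} is false; per-preference CSRF token flags are overridden")
    return (True, f"{PROP} is true")


if __name__ == "__main__":
    ok, reason = audit(SAMPLE_EXPORT)
    print("PASS" if ok else "FAIL", "-", reason)
```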