From 9964e10bc1be87f5b699639bd317e560937f5717 Mon Sep 17 00:00:00 2001
From: Rasika Perera
Date: Wed, 28 Feb 2018 22:15:26 +0530
Subject: [PATCH] Fix the CSRF issue when accessing mobile api

Resolves https://github.com/wso2/product-iots/issues/1725
---
 .../src/core/conf/security/Owasp.CsrfGuard.Carbon.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties b/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties
index d730d644..e5f04bdf 100644
--- a/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties
+++ b/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties
@@ -466,7 +466,7 @@ org.owasp.csrfguard.unprotected.deviceMgtAcs=%servletContext%/uuf/sso/acs
 org.owasp.csrfguard.unprotected.deviceMgtApi=%servletContext%/devicemgt/api/*
 org.owasp.csrfguard.unprotected.storeEventPublisher=%servletContext%/store/apis/eventpublish/*
 org.owasp.csrfguard.unprotected.publisherAcs=%servletContext%/publisher/acs
-org.owasp.csrfguard.unprotected.publisherApi=%servletContext%/publisher/api
+org.owasp.csrfguard.unprotected.publisherApi=%servletContext%/publisher/api/*
 org.owasp.csrfguard.unprotected.storeAcs=%servletContext%/store/acs
 org.owasp.csrfguard.unprotected.apiStoreAcs=%servletContext%/api-store/acs
 org.owasp.csrfguard.unprotected.apiStoreApis=%servletContext%/api-store/apis/*
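Review bot: The new `publisherApi` value exempts every path under `%servletContext%/publisher/api/` from CSRF token checks. That is much broader than the single path it replaces, and broader than the mobile-API problem named in the commit subject. Any state-changing endpoint under that prefix that authenticates with the browser session cookie would then accept cross-site requests without a token. The patch does not show how these endpoints authenticate, so that needs confirming before merge. If the mobile client calls only specific endpoints, list those as separate `org.owasp.csrfguard.unprotected.*` entries instead of the wildcard. Otherwise add a comment above the line such as `# publisher/api/* is exempt because callers present a non-cookie credential (confirm); do not place cookie-authenticated endpoints under this prefix`.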