From 9964e10bc1be87f5b699639bd317e560937f5717 Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Wed, 28 Feb 2018 22:15:26 +0530
Subject: [PATCH] Fix the CSRF issue when accessing mobile api

Resolves https://github.com/wso2/product-iots/issues/1725
---
 .../src/core/conf/security/Owasp.CsrfGuard.Carbon.properties    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties b/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties
index d730d644..e5f04bdf 100644
--- a/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties
+++ b/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties
@@ -466,7 +466,7 @@ org.owasp.csrfguard.unprotected.deviceMgtAcs=%servletContext%/uuf/sso/acs
 org.owasp.csrfguard.unprotected.deviceMgtApi=%servletContext%/devicemgt/api/*
 org.owasp.csrfguard.unprotected.storeEventPublisher=%servletContext%/store/apis/eventpublish/*
 org.owasp.csrfguard.unprotected.publisherAcs=%servletContext%/publisher/acs
-org.owasp.csrfguard.unprotected.publisherApi=%servletContext%/publisher/api
+org.owasp.csrfguard.unprotected.publisherApi=%servletContext%/publisher/api/*
 org.owasp.csrfguard.unprotected.storeAcs=%servletContext%/store/acs
 org.owasp.csrfguard.unprotected.apiStoreAcs=%servletContext%/api-store/acs
 org.owasp.csrfguard.unprotected.apiStoreApis=%servletContext%/api-store/apis/*