From 5114d19a073c1ff9af9e760e3389a7e7bd5352b1 Mon Sep 17 00:00:00 2001 From: Menaka Jayawardena Date: Thu, 19 Jan 2017 13:13:56 +0530 Subject: [PATCH] Modified csrf property for devicemgt api --- .../repository/conf/security/Owasp.CsrfGuard.Carbon.properties | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties b/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties index 171e8094..f6daa5c3 100644 --- a/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties +++ b/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties @@ -447,7 +447,6 @@ org.owasp.csrfguard.configOverlay.secondsBetweenUpdateChecks = 60 # please remove the below entry to enable protection for services. -org.owasp.csrfguard.unprotected.Services=%servletContext%/services/* org.owasp.csrfguard.unprotected.oauth=%servletContext%/commonauth/* org.owasp.csrfguard.unprotected.samlsso=%servletContext%/samlsso/* org.owasp.csrfguard.unprotected.authenticationEndpoint=%servletContext%/authenticationendpoint/* @@ -464,7 +463,7 @@ org.owasp.csrfguard.unprotected.deviceMgtRestApi=%servletContext%/api/device-mgt org.owasp.csrfguard.unprotected.dcrRestApi=%servletContext%/dynamic-client-web/* org.owasp.csrfguard.unprotected.deviceMgtSSOAcs=%servletContext%/devicemgt/uuf/sso/acs org.owasp.csrfguard.unprotected.deviceMgtAcs=%servletContext%/uuf/sso/acs -org.owasp.csrfguard.unprotected.deviceMgtApi=%servletContext%/devicemgt/api/invoker/execute/* +org.owasp.csrfguard.unprotected.deviceMgtApi=%servletContext%/devicemgt/api/* org.owasp.csrfguard.unprotected.storeEventPublisher=%servletContext%/store/apis/eventpublish/* org.owasp.csrfguard.unprotected.publisherAcs=%servletContext%/publisher/acs org.owasp.csrfguard.unprotected.storeAcs=%servletContext%/store/acs