From da445542435aa2041616625fb9967b740faa8683 Mon Sep 17 00:00:00 2001
From: Hasunie <hasunie@wso2.com>
Date: Mon, 16 Jan 2017 18:36:21 +0530
Subject: [PATCH] fixing CSRF issue in IOT server login

---
 .../repository/conf/security/Owasp.CsrfGuard.Carbon.properties | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/analytics/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties b/modules/analytics/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
index 2b5a7b42..bf41e0ee 100644
--- a/modules/analytics/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
+++ b/modules/analytics/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
@@ -454,3 +454,6 @@ org.owasp.csrfguard.unprotected.JsApi=%servletContext%/portal/apis/analytics/*
 org.owasp.csrfguard.unprotected.Servlet=%servletContext%/analytics-api/*
 org.owasp.csrfguard.unprotected.ml=%servletContext%/api/login*
 org.owasp.csrfguard.unprotected.passivests=%servletContext%/acs/*
+org.owasp.csrfguard.unprotected.deviceMgtSSOAcs=%servletContext%/devicemgt/uuf/sso/acs
+org.owasp.csrfguard.unprotected.deviceMgtAcs=%servletContext%/uuf/sso/acs
+org.owasp.csrfguard.unprotected.deviceMgtApi=%servletContext%/devicemgt/api/invoker/execute/*