Hide CSRF Token

Shashidhara H shared this idea 20 months ago
Idea Logged

We are currently using Yellowfin's CSRF Filter, but wanted to know if it's possible to hide the token from the URL / HTTP Parameters.

Comments (1)

photo
1

Hi Shashi,

Thanks for reaching out with your question. At present it's no possible to configure this to behave differently. Since the token is randomly generated for each session, it does keep the chance of a compromised token pretty low.

That being said, I have submitted this as an Enhancement Request to be reviewed by our Development team.

Thanks,

Ryan