Can we implement a native Yellowfin CSRF Prevention?
The good news is that Yellowfin has a built-in CSRF filter that can be enabled. This provides mitigation against CSRF attacks by introducing a token to each browser session. If the token doesn't match the request, the request is killed. You can find more information on that here.
We are currently discussing providing referer validation as a second fail-safe against CSRF.
This has been implemented as of 7.3.13 and 7.4.7 and can be enabled by adding the following to your <YellowfinInstall>/appserver/webapps/ROOT/WEB-INF/web.xml file:
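To make the two layers concrete, here is an added Python sketch (not Yellowfin's own filter code; the host name, field names and sample requests are constructed) of a per-session token check followed by referer validation, where a state-changing request is allowed only if both checks pass:

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed: hosts that may originate state-changing requests to this app.
ALLOWED_HOSTS = {"reports.example.com"}
# Methods that must not change state and therefore skip CSRF checks.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def new_session_token() -> str:
    """Mint the token once per browser session; the server keeps it in the session."""
    return secrets.token_urlsafe(32)


def check_token(session_token, request_token) -> bool:
    """Fail-safe 1: the token carried by the request must equal the session's token.
    A missing token on either side is a mismatch; compare in constant time."""
    if not session_token or not request_token:
        return False
    return hmac.compare_digest(session_token, request_token)


def check_referer(referer, require_referer=True) -> bool:
    """Fail-safe 2: the Referer (or Origin) header must name one of our own hosts.
    urlsplit().hostname ignores userinfo and ports, so tricks such as
    https://reports.example.com@evil.test or reports.example.com.evil.test fail."""
    if not referer:
        return not require_referer      # fail closed unless explicitly relaxed
    return urlsplit(referer).hostname in ALLOWED_HOSTS


def allow_request(method, session_token, request_token, referer) -> bool:
    """Decision for one request: safe methods pass; others need token AND referer."""
    if method.upper() in SAFE_METHODS:
        return True
    return check_token(session_token, request_token) and check_referer(referer)


def evaluate(session_token, requests):
    """Run the filter over constructed (name, method, token, referer) tuples."""
    return {name: allow_request(m, session_token, tok, ref)
            for name, m, tok, ref in requests}
```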