
FAQ: How does Cross Site Reference Forgery (CSRF) affect the ArcGIS Java ADF?

Question

How does Cross Site Reference Forgery (CSRF) affect the ArcGIS Java ADF?

Answer

The FacesServlet that is part of the JSF libraries is susceptible to Cross Site Reference Forgery (CSRF). The Java ADF uses the JSF libraries and does not include an ESRI-specific JSF library. CSRF attacks characteristically:

- involve sites that rely on a user's identity

- exploit the site's trust in that identity

- trick the user's browser into sending HTTP requests to a target site, and

- involve HTTP requests that have side effects.

The two articles listed under Related Information below explain the issue and how to work around it.
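
One common mitigation for the characteristics listed above is a per-session synchronizer token, which a request forged from another site cannot supply even though the browser attaches the user's session cookie. The class below is an added example, not Esri or JSF code and not necessarily the workaround in the referenced articles; `CsrfTokenGuard`, its methods and the session id are hypothetical, and it assumes a servlet filter in front of the FacesServlet calls `allow` on each request.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added example (hypothetical class): token check for requests with side effects. */
public class CsrfTokenGuard {
    private static final SecureRandom RNG = new SecureRandom();
    // Assumption: the application never changes state on these methods.
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");
    // Session id -> token; stands in for an attribute stored on the server-side session.
    private final Map<String, String> tokens = new ConcurrentHashMap<>();

    /** Called when a form is rendered; the token goes into a hidden form field. */
    public String issueToken(String sessionId) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokens.put(sessionId, token);
        return token;
    }

    /** Returns true if the request may reach the application. */
    public boolean allow(String method, String sessionId, String submittedToken) {
        if (SAFE_METHODS.contains(method.toUpperCase(Locale.ROOT))) return true;
        String expected = tokens.get(sessionId);
        // A valid session alone is not enough: the cookie is sent automatically.
        if (expected == null || submittedToken == null) return false;
        // Constant-time comparison so timing does not leak token bytes.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     submittedToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        CsrfTokenGuard guard = new CsrfTokenGuard();
        String session = "constructed-session-id"; // constructed sample value
        String token = guard.issueToken(session);
        // Form posted from the application's own page: token present.
        System.out.println("own form:      " + guard.allow("POST", session, token));
        // Cross-site request riding the session cookie: no token available.
        System.out.println("forged post:   " + guard.allow("POST", session, null));
        // Token issued to a different session is rejected.
        String other = guard.issueToken("constructed-other-session");
        System.out.println("foreign token: " + guard.allow("POST", session, other));
    }
}
```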

Related Information