Frequently asked question

How does Cross Site Reference Forgery (CSRF) affect the ArcGIS Java ADF?

Last Published: April 25, 2020

Answer

The FacesServlet that is part of the JSF libraries is susceptible to Cross Site Reference Forgery (CSRF). The Java ADF makes use of the JSF libraries. The Java ADF does not include an ESRI specific JSF library. CSRF characteristics can:

- involve sites that rely on a user's identity

- exploit the site's trust in that identity

- trick the user's browser into sending HTTP requests to a target site, and

- involve HTTP requests that have side effects.

The two articles in the Related Information below explain the issue and how to work around the issue.

Article ID:000010624

Software:
  • ArcGIS Server

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Related Information

Discover more on this topic