You can enable token-based Cross-Site Request Forgery (CSRF) protection in Universal Access to secure the IBM® Cúram Social Program Management REST APIs from CSRF attacks.
About this task
For more information about CSRF protection in Social Program Management, see Cross-Site Request Forgery (CSRF) Protection.
For more information about how the REST APIs integrate token-based CSRF protection, see Integrating token-based Cross-Site Request Forgery (CSRF) protection.
Procedure
- Enable CSRF protection on the SPM server. See Enabling token-based Cross-Site Request Forgery (CSRF) protection.
- Ensure that any subdomains are included in the curam.rest.refererDomains SPM system property.
- Set the Universal Access security environment variables for CSRF in the Universal Access application. See React environment variable reference.
- Ensure that any images in the application that are stored in SPM and requested from the SPM server use the UAImage component from the core-ui package. The UAImage component is a wrapper for the Image component that adds the CSRF token to image requests from the SPM server.
Note: If you are upgrading, you must ensure that you replace the Image component with the UAImage component for all images that are stored in SPM. Otherwise, images that are stored in SPM cannot be retrieved and displayed.