OutSystems has had built-in protection against CSRF attacks for POST requests since version 9.1.400.0.
Refer to this page only if you are using a previous version.
With Cross-Site Request Forgery (CSRF), attackers are able to make requests to your application from another site:
- GET request
  - hidden image
  - bad link
- POST request
  - bad form
A common use is tricking users and capturing unintended likes on social networking sites.
The following example illustrates how a CSRF attack can trick a user who has not logged out of a vulnerable website into clicking a trap link that executes a script or sends a fake POST request with the user's session ID:
How to do it with OutSystems Platform
To secure your OutSystems apps against CSRF attacks, the following actions are recommended:
Perform GET requests
Perform POST requests
To learn how to protect your OutSystems apps against other common types of attacks, check how OutSystems Platform helps you develop secure applications.