CSRF

Cross-Site Request Forgery configuration overview.

config.filter.http.csrf.v2.CsrfPolicy

[config.filter.http.csrf.v2.CsrfPolicy proto]

CSRF filter config.

{
  "filter_enabled": "{...}",
  "shadow_enabled": "{...}",
  "additional_origins": []
}

filter_enabled

(core.RuntimeFractionalPercent, REQUIRED) Specifies if CSRF is enabled.

More information on how this can be controlled via runtime can be found here.

Note

This field defaults to 100/HUNDRED.

shadow_enabled

(core.RuntimeFractionalPercent) Specifies that CSRF policies will be evaluated and tracked, but not enforced. This is intended to be used when filter_enabled is off.

More information on how this can be controlled via runtime can be found here.

Note

This field defaults to 100/HUNDRED.

additional_origins

(type.matcher.StringMatcher) Specifies additional source origins that will be allowed in addition to the destination origin.

More information on how this can be configured via runtime can be found here.
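
How the three fields interact, as an added Python sketch that is not Envoy's code and not part of the original reference. It assumes the fractional percentages have already been sampled to booleans, that the source origin is the host of the Origin header and the destination origin is the Host header, and it models only the exact, prefix and suffix matcher kinds; `make_policy`, `evaluate` and the `.test` hostnames are constructed for the example.

```python
# Added illustration: a simplified model of the CsrfPolicy decision, not Envoy's code.
from urllib.parse import urlsplit

def matches(matcher, value):
    """Evaluate one StringMatcher-style dict with a single exact/prefix/suffix key."""
    (kind, pattern), = matcher.items()
    if kind == "exact":
        return value == pattern
    if kind == "prefix":
        return value.startswith(pattern)
    if kind == "suffix":
        return value.endswith(pattern)
    raise ValueError(f"unsupported matcher kind: {kind}")

def evaluate(policy, origin_header, host_header):
    """Return (action, origin_valid); action is skip, allow, shadow_allow or deny."""
    enforce = policy["filter_enabled"]   # assumption: fraction already sampled to bool
    shadow = policy["shadow_enabled"]
    if not enforce and not shadow:
        return ("skip", None)            # policy neither evaluated nor tracked
    # Assumption: source origin = host[:port] of Origin, destination = Host header.
    source = urlsplit(origin_header).netloc if origin_header else ""
    valid = bool(source) and (
        source == host_header
        or any(matches(m, source) for m in policy["additional_origins"])
    )
    if valid:
        return ("allow", True)
    # Shadow mode records the failure but lets the request through.
    return ("deny", False) if enforce else ("shadow_allow", False)

def make_policy(enforce, shadow, origins):
    """Build a constructed sample policy using the page's field names."""
    return {"filter_enabled": enforce, "shadow_enabled": shadow,
            "additional_origins": origins}

# Constructed sample matchers: the first lacks the leading dot and is too loose.
LOOSE = [{"suffix": "example.test"}]
STRICT = [{"suffix": ".example.test"}]

if __name__ == "__main__":
    for origin in ("https://app.example.test", "https://notexample.test", None):
        for name, origins in (("loose", LOOSE), ("strict", STRICT)):
            shadowed = evaluate(make_policy(False, True, origins), origin, "api.internal.test")
            enforced = evaluate(make_policy(True, False, origins), origin, "api.internal.test")
            print(origin, name, shadowed, enforced)
```

Running with shadow_enabled on and filter_enabled off shows which origins would be rejected before enforcement is turned on, and the loose suffix case shows why a suffix entry in additional_origins should include the leading dot.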