# CSRF¶

This extension may be referenced by the qualified name envoy.filters.http.csrf

Note

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Cross-Site Request Forgery configuration overview.

## config.filter.http.csrf.v2.CsrfPolicy¶

[config.filter.http.csrf.v2.CsrfPolicy proto]

CSRF filter config.

{
"filter_enabled": "{...}",
}

filter_enabled

(core.RuntimeFractionalPercent, REQUIRED) Specifies the % of requests for which the CSRF filter is enabled.

If runtime_key is specified, Envoy will lookup the runtime key to get the percentage of requests to filter.

Note

This field defaults to 100/HUNDRED.

This is intended to be used when filter_enabled is off and will be ignored otherwise.