This documentation is for WSO2 Identity Server 5.1.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Add the following code snippet within the <Security> element of the <PRODUCT_HOME>/repository/conf/carbon.xml file.

    Code Block
            <!-Enable/Disable CSRF prevention->
            <!--URL Pattern to skip the CSRF prevention-->
    		<!--List of URL to allow as source to access the system-->
  2. Edit the <Whitelist> element of the code snippet above by adding the relevant list of URLs that are approved sources.

  3.  Add the following configuration within the <Hosts><Host> element of the <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml file.

    Code Block
    <Valve className="org.wso2.carbon.ui.valve.CSRFValve"/>
  4. Restart the product server.