Securing Tridion web interfaces against CSRF
Several of the web-based user interfaces in SDL Tridion Sites, including Content Manager Explorer and Experience Manager, communicate with a server-side UI framework. To guard these UIs against cross-site request forgery (CSRF), configure anti-CSRF security on the Content Manager server.
About this task
SDL Tridion Sites includes the following two modules to provide security against CSRF:
- AntiCsrfBasicModule for basic anti-CSRF security
- AntiCsrfModule for general (more stringent) anti-CSRF security
These modules apply to the following UIs:
- Content Manager Explorer (also called the "Tridion Classic" interface)
- Experience Manager
- Other UIs that communicate with the server-side UI framework
Note that these modules do not apply to the Experience Space user interface, introduced in release 9.5.