HTTP CSRF protection
Cross-site request forgery (CSRF) is a class of attack that forces an end user to execute unwanted actions on an application in which the user is authenticated. The XL Deploy frontend uses CSRF-protected endpoints.
New public endpoints starting with /xldeploy are CSRF-protected. The UI uses these endpoints, starting from the 9.6 release.
The previous endpoints starting with /deployit are still in use.
Protected with CSRF:
Not protected with CSRF:
Note: All XLD plugins and the CLI still use the unprotected endpoints.