HTTP CSRF protection

Cross site request forgery or CSRF is a class of attack that forces an end user to execute unwanted actions on an application when the user is authenticated. The Deploy frontend uses endpoints protected with CSRF .

New public endpoints starting from /xldeploy is protected with CSRF. The UI uses these endpoints, starting from the 9.6 release.

The previous endpoints starting from /deployit are still in use.

For example,

Protected with CSRF:


Not protected with CSRF:


Note: All XLD plugins and CLI are still using the not protected endpoints.