About Protection From Cross-Site Request Forgery
Oracle Billing Insight uses the server-side request filter, com.sun.jersey.api.container.filter.CsrfProtectionFilter, to protect against cross-site request forgery (CSRF) attacks. By default, the request filter checks for an X-Requested-By header in every incoming HTTP request whose method is not GET, OPTIONS, or HEAD. If the header is not found, then the filter returns Response.Status.BAD_REQUEST (HTTP 400). You must add an X-Requested-By header with an arbitrary value to all HTTP POST, PUT and DELETE requests sent to your REST endpoints.
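The following Python sketch is an added example, not Oracle or Jersey code: it models only the check described above and pairs it with a client helper that adds the header to every non-exempt request, so a test client can be verified offline before it is pointed at a server. The endpoint URL, the function names and the default header value are assumptions made for illustration.

```python
from urllib.request import Request

# Methods this page lists as exempt from the check by default.
EXEMPT_METHODS = {"GET", "OPTIONS", "HEAD"}
CSRF_HEADER = "X-Requested-By"
BAD_REQUEST = 400  # numeric status behind Response.Status.BAD_REQUEST


def filter_status(method, headers):
    """Return 400 if the documented check would reject the request, else None.

    Models only the behaviour described on this page; it is not the Jersey code.
    """
    if method.upper() in EXEMPT_METHODS:
        return None
    # HTTP header names are case-insensitive, so compare in lower case.
    names = {name.lower() for name in headers}
    return None if CSRF_HEADER.lower() in names else BAD_REQUEST


def build_request(method, url, body=None, requested_by="example-client"):
    """Build a urllib Request, adding X-Requested-By to non-exempt methods.

    The header value is arbitrary; "example-client" is a made-up default.
    """
    req = Request(url, data=body, method=method.upper())
    if req.get_method() not in EXEMPT_METHODS:
        req.add_header(CSRF_HEADER, requested_by)
    return req


def check(req):
    """Run the modelled check over a prepared Request (nothing is sent)."""
    return filter_status(req.get_method(), dict(req.header_items()))


if __name__ == "__main__":
    url = "https://billing.example.com/rest/accounts/42"  # hypothetical endpoint
    for method in ("GET", "POST", "PUT", "DELETE"):
        body = None if method == "GET" else b"{}"
        print(method, "via helper ->", check(build_request(method, url, body)))
    # The same POST built without the helper lacks the header: rejected.
    print("POST without header ->", check(Request(url, data=b"{}", method="POST")))
```

Routing every state-changing call through one helper such as `build_request` keeps a new POST, PUT or DELETE call site from failing with a 400 because the header was forgotten.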