
About Protection From Cross-Site Request Forgery


Oracle Billing Insight uses the server-side request filter, com.sun.jersey.api.container.filter.CsrfProtectionFilter, to protect against cross-site request forgery (CSRF) attacks. By default, the request filter checks for an X-Requested-By header in every incoming HTTP request whose method is not GET, OPTIONS, or HEAD. If the header is not found, the filter returns Response.Status.BAD_REQUEST.

You must add an X-Requested-By header with an arbitrary value to all HTTP POST, PUT and DELETE requests sent to your REST endpoints.
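
The following is an added example, not code from Oracle Billing Insight or Jersey: a Python model of the header check described above, paired with a client helper that attaches X-Requested-By to every state-changing request. The URL, the header value billing-client, and all function names are assumptions made for illustration.

```python
"""Constructed model of the X-Requested-By check; not Oracle or Jersey code."""
from urllib.request import Request

SAFE_METHODS = {"GET", "OPTIONS", "HEAD"}  # methods the filter skips by default
CSRF_HEADER = "X-Requested-By"
SAMPLE_URL = "https://billing.example.invalid/rest/accounts/1"  # placeholder URL


def filter_status(method, headers):
    """Model of the server-side check.

    Returns 400 when a state-changing request lacks the header. 200 stands in
    for "request passed on to the resource" in this model.
    """
    if method.upper() in SAFE_METHODS:
        return 200
    # HTTP header names are case-insensitive, so compare in lower case.
    names = {name.lower() for name in headers}
    return 200 if CSRF_HEADER.lower() in names else 400


def build_request(url, method, body=None, client_id="billing-client"):
    """Client helper: add the header to anything that is not GET, OPTIONS or HEAD."""
    req = Request(url, data=body, method=method)
    if method.upper() not in SAFE_METHODS:
        # Any value is accepted; urllib stores the name as "X-requested-by".
        req.add_header(CSRF_HEADER, client_id)
    return req


def run_matrix(url=SAMPLE_URL):
    """Map each method to (status without the header, status with the helper)."""
    results = {}
    for method in ("GET", "POST", "PUT", "DELETE"):
        body = None if method == "GET" else b"{}"
        bare = Request(url, data=body, method=method)
        wrapped = build_request(url, method, body=body)
        results[method] = (
            filter_status(method, dict(bare.header_items())),
            filter_status(method, dict(wrapped.header_items())),
        )
    return results


if __name__ == "__main__":
    for method, (bare, wrapped) in run_matrix().items():
        print(f"{method:6} without header: {bare}   with helper: {wrapped}")
```

No request is sent; the helper only builds urllib Request objects and passes their headers to the modelled check.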

Web Services Reference for Oracle Billing Insight Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Legal Notices.