B.1 Cross Site Request Forgery

Learn how to avoid client-side attacks.

Oracle GoldenGate has CSRF mitigation support that is controlled by the server's configuration. The default configuration enforces CSRF-token-based protection.

When enabled, Cross Site Request Forgery (CSRF) protection applies to any request issued from a web browser that originates from a script or programmatic interface. CSRF protection is checked only for requests that intend to modify resources at the origin server. This means that PUT, POST, and DELETE are the only HTTP request verbs for which CSRF protection is enforced (if enabled).

Regardless of whether CSRF protection is enabled, it is not enforced for requests issued from non-browser clients such as curl, wget, or netcat. It is also not enforced for requests from Admin Client, as none of these clients are web browsers.

For more information, see the Open Web Application Security Project Cross-Site Request Forgery (CSRF) page.