This section describes how to secure a Digizuite installation using cross-site request forgery (CSRF) protection.
Recommendation
Digizuite is recommended to have CSRF setup in order to <TODO: WRITE MORE TEXT
Digizuite DAM Center
CSRF is configured in the Digizuite DamCenter web.config file:
<add key="CSRFTokenPepper" value="random_string_at_least_10_characters_long" />
Random string used when generating the cryptographic CSRFToken. The install script generates this if it is missing.
<add key="CSRFTokenPepperCookie" value="another_random_string_at_least_10_characters_long" />
Random string used when generating the cryptographic CSRFToken. The install script generates this if it is missing. If these strings are changed, existing sessions must log in again.
<add key="CSRFDisabled" value="true" />
If this setting is added, CSRF protection is disabled. It is enabled by default.
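The settings above can be checked automatically before a deployment. The following is an added example, not part of Digizuite or its install script: a Python check that reports a present CSRFDisabled key and peppers that are missing, too short, or still set to the documentation placeholders. The function name, the sample document and the "identical peppers" check are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

PEPPER_KEYS = ("CSRFTokenPepper", "CSRFTokenPepperCookie")
# Placeholder values shown in the documentation; they must never reach production.
PLACEHOLDERS = {
    "random_string_at_least_10_characters_long",
    "another_random_string_at_least_10_characters_long",
}
MIN_LEN = 10  # minimum length stated in the documented placeholder values


def audit_csrf_settings(web_config_xml: str) -> list[str]:
    """Return a list of findings for the CSRF keys in a web.config document."""
    root = ET.fromstring(web_config_xml)
    # Collect every <add key="..." value="..."/> entry, wherever it sits.
    settings = {el.get("key"): el.get("value", "") for el in root.iter("add") if el.get("key")}
    findings = []
    # Adding the key disables protection, so its presence alone is reported.
    if "CSRFDisabled" in settings:
        findings.append(f"CSRFDisabled is present (value={settings['CSRFDisabled']!r})")
    for key in PEPPER_KEYS:
        value = settings.get(key)
        if value is None:
            findings.append(f"{key} is missing")
        elif value in PLACEHOLDERS:
            findings.append(f"{key} still holds the documentation placeholder")
        elif len(value) < MIN_LEN:
            findings.append(f"{key} is shorter than {MIN_LEN} characters")
    # Added check (assumption): the docs describe "another" random string,
    # so two identical peppers are flagged as well.
    first, second = (settings.get(k) for k in PEPPER_KEYS)
    if first is not None and first == second:
        findings.append("both peppers hold the same value")
    return findings


# Constructed sample input, not taken from a real installation.
SAMPLE = """<configuration><appSettings>
  <add key="CSRFTokenPepper" value="random_string_at_least_10_characters_long" />
  <add key="CSRFTokenPepperCookie" value="short" />
  <add key="CSRFDisabled" value="true" />
</appSettings></configuration>"""

if __name__ == "__main__":
    for finding in audit_csrf_settings(SAMPLE):
        print("FINDING:", finding)
```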
Remark
Browsers may be forced to re-login if the browser loses the X-CSRF-Token due to a page refresh.