MicroStrategy ONE

Prevent a CSRF Attack

You can use the Prevention of CSRF attack (Cross-Site Request Forgery) security feature to prevent CSRF attacks.

To prevent a CSRF attack, you can turn on the validateRandNum parameter:

  1. Locate the sys_defaults.xml file in the following file path: C:\ProgramFile\MicroStrategy\Web ASPx\Web-INF\xml
  2. Update the value to 1 in the file, as seen below:
    3. Copy 
    <pr des="Used to show if we use random token check before process request" n="validateRandNum" scp="server" v="1"/>

    Once you enable this setting, a dynamic token is appended to each request made that is unique to the user session. If this setting is enabled, URL API requests are denied.

  3. Restart your web server to apply your changes.