You can help protect against Cross-Site Request Forgery (CSRF) attacks against StorageGRID Webscale by using CSRF tokens to enhance authentication that uses cookies. The Grid Manager and Tenant Manager automatically enable this security feature; other API clients can choose whether to enable it when they sign in.
An attacker who can cause a signed-in user's browser to send a request from a different site (for example, through an HTTP form POST) can have that request carry the user's StorageGRID Webscale cookies, so the server treats it as coming from that user.
StorageGRID Webscale helps protect against CSRF attacks by using CSRF tokens. When enabled, the contents of a specific cookie must match the contents of either a specific header or a specific POST body parameter.
curl -X POST --header "Content-Type: application/json" --header "Accept: application/json" -d "{ \"username\": \"MyUserName\", \"password\": \"MyPassword\", \"cookie\": true, \"csrfToken\": true }" "https://example.com/api/v2/authorize"
When csrfToken is true, a GridCsrfToken cookie is set with a random value for sign-ins to the Grid Manager, and an AccountCsrfToken cookie is set with a random value for sign-ins to the Tenant Manager.
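The check described above is the "double-submit cookie" pattern: a cross-site form can make the browser attach the cookie, but it cannot read the cookie's value to copy it into a header or body field, so only same-origin code can satisfy the match. The following is an added, illustrative server-side implementation of that check, not StorageGRID's own code. The cookie names GridCsrfToken and AccountCsrfToken come from the text; the header name X-Csrf-Token and the body parameter name csrfToken are assumptions, since the text only says "a specific header" and "a specific POST body parameter".

```python
import hmac
import json
import secrets
from http.cookies import SimpleCookie

# Cookie names as stated on the page.
GRID_COOKIE = "GridCsrfToken"
ACCOUNT_COOKIE = "AccountCsrfToken"

# Assumed names for "a specific header" and "a specific POST body parameter";
# the page does not name them, so these are illustrative only.
CSRF_HEADER = "x-csrf-token"
CSRF_BODY_PARAM = "csrfToken"

# Methods that must not change state and therefore need no CSRF check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_cookie(manager):
    """At sign-in with csrfToken=true, return (cookie_name, random_value).

    Grid Manager sign-ins get GridCsrfToken, Tenant Manager sign-ins get
    AccountCsrfToken, each with a fresh unguessable value.
    """
    name = GRID_COOKIE if manager == "grid" else ACCOUNT_COOKIE
    return name, secrets.token_urlsafe(32)


def _cookie_value(cookie_header, name):
    """Extract one cookie from a raw Cookie request header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(name)
    return morsel.value if morsel else None


def _body_param(body, name):
    """Return a string-valued JSON body parameter, or None if absent/invalid."""
    if not body:
        return None
    try:
        data = json.loads(body)
    except ValueError:
        return None
    value = data.get(name) if isinstance(data, dict) else None
    return value if isinstance(value, str) else None


def csrf_check(method, headers, body, cookie_name=GRID_COOKIE):
    """Double-submit check for one request. Returns (ok, reason).

    The token in the CSRF cookie must equal the token supplied in the CSRF
    header or, failing that, the CSRF body parameter. Comparison is
    constant-time so the token cannot be guessed byte by byte via timing.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"

    # Header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}

    cookie_token = _cookie_value(lowered.get("cookie"), cookie_name)
    if cookie_token is None:
        # Session was created without csrfToken=true; nothing to match.
        return True, "csrf tokens not enabled for this session"

    supplied = lowered.get(CSRF_HEADER)
    if supplied is None:
        supplied = _body_param(body, CSRF_BODY_PARAM)
    if supplied is None:
        return False, "missing CSRF token"

    if not hmac.compare_digest(cookie_token.encode(), supplied.encode()):
        return False, "CSRF token mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: a cross-site form POST carries the cookie but cannot
    # add the header, so it fails; same-origin code that echoes the cookie passes.
    name, token = issue_csrf_cookie("grid")
    cookie_hdr = {"Cookie": f"{name}={token}; sessionid=constructed"}
    print(csrf_check("POST", cookie_hdr, None))
    print(csrf_check("POST", {**cookie_hdr, "X-Csrf-Token": token}, None))
```

Because the legitimate client has to read the cookie to echo it back, the CSRF cookie cannot be HttpOnly; the session cookie it protects still can be. Checks like this only defend state-changing methods, which is why GET, HEAD and OPTIONS are exempted and why such endpoints must not mutate state.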
See the online API documentation for additional examples and details.