Cross-Site Frogery Token(CSRF) prohibits access to debug page

(Doc ID 1477269.1)

Last updated on MAY 16, 2017

Applies to:

Oracle Waveset - Version and later
Information in this document applies to any platform.
***Checked for relevance on 30-Dec-2013***


The purpose of this knowledge article is to inform customers that 2 known issues exist in Oracle Waveset,, and related to the Cross-Site Frogery Token setting defined in System Configuration object.

       <Attribute name='csrfGuardToken'>
                  <Attribute name='enable'>


If 'crsfGuardToken' set to 'true', an error message shall appear while accessing IdM debug page or trying to save trace setting.

Security Violation: Incoming HttpServletRequest considered invalid by CSRFGUARD from address: xxx.xx.xx.xx

Known issues are :

1. Bug 14331259 - CSRF error when specifying debug path - only occurs in internet explorer.

2. Bug 14255992 - CSRF error when trying to save trace.


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms