While uploading the document we are seeing the error message in logs as Empty CSRF token in the request .
2024-06-11 22:37:08,508 [.37.95.71-443-exec-5] [TABTHREAD0] [ ] [ ] ( mgmt.util.CSRFUtil) ERROR appl.test.se|XX.XX.XX.X HOPKWJ9FF70BTOA3VAOITHTR7Q9NG9SJOA - CSRF Mitigation - Empty CSRF token in the request made by the thread with name TABTHREAD0
we see the 403 error in browser console for the below request .
Request URL:
https://appl.test.se/prweb/Applicant/app/LOA_/riPdw8Xf_Q2LR7tthACBpA*/!TABTHREAD0?pyActivity=pzRunActionWrapper&pzTransactionId=57204ce1a79fd12a8b7be3817e10e0c2&pzFromFrame=pyWorkPage&pzPrimaryPageName=pyWorkPage&AttachFieldReadOnly=&AttachFieldRequired=&Category=File&UITemplatingStatus=N&inStandardsMode=true&AJAXTrackID=1&pzHarnessID=HID83AEC5666D65D03046684F0AC4CC150F&pzActivity=pzDragDropMultiFileUpload&skipReturnResponse=true&pySubAction=runAct
Request Method:
POST
Status Code:
403 Forbidden
Referrer Policy:
strict-origin-when-cross-origin
We are using OOTB control (pzMultiFilePath) for uploading the document and couldn’t see anything in tracer except the above log information .
I think, Pega take care of the generating/sending the token in every client request but not sure how it’s missing in document upload request .Is there way to check the how/where CSRF token is missing ?