フィードバックを送信
legacy-knowledge-base
公開されました Jul. 2, 2025

Liferay で CSRF トークンを有効にする方法は?

written-by

Sivakumar Perumal

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

legacy-article

learn-legacy-article-disclaimer-text

問題

  • LiferayでCSRF攻撃を防ぐためにCSRFトークンを有効にする方法は?

Environment

  • Liferay DXP 7.2

解決策

  • Liferay の p_auth トークン CSRF から保護し、デフォルトで有効になっています。 CSRF トークンを処理するメイン コードは とおりです。 .java
    ##
    ## Authentication Token
    ##

     #
     # Set this to false to disable CSRF protection in the portal. Disabling
     # CSRF protection is not recommended since all features become vulnerable
     # to CSRF attacks.
     #
     # The checks can be disabled for specific actions via the property
     # "auth.token.ignore.actions" or for specific portlets via the init
     # parameter "check-auth-token" in portlet.xml.
     #
     # Env: LIFERAY_AUTH_PERIOD_TOKEN_PERIOD_CHECK_PERIOD_ENABLED
     #
     auth.token.check.enabled=true

追加情報

did-this-article-resolve-your-issue
legacy-knowledge-base
did-this-article-resolve-your-issue