This page explains how to secure your application against Cross-Site Request Forgery (CSRF) attacks.
Default security setup in Bonita BPM
In Bonita BPM, the CSRF security feature is optional and disabled by default, which leaves Bonita BPM unprotected against these attacks. With the feature disabled, the behavior of the application is unchanged, but tokens in HTTP requests are not checked.