KB Article #178230

potential cross-site request forgery (CSRF) attack thwarted

Problem

-- whenever a user connects to the UI, the following error is written to the CN log:

potential cross-site request forgery (CSRF) attack thwarted (user:, ip:xx.xx.x.xxx, method:OPTIONS, uri:/ui/default/00000000-000000/core/, error:required token is missing from the request)

-- not a blocking issue; it does not affect the system

Resolution

* There is a file in Interchange/conf/META-INF called csrfguard.properties.

* It contains a line like this: org.owasp.csrfguard.UnprotectedMethods=GET

* Change it to org.owasp.csrfguard.UnprotectedMethods=GET,OPTIONS so that OPTIONS requests, the method shown in the log entry above, are no longer checked for a token.
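
One way to check the setting against the log, as an added example that is not part of the original article or the product: it parses the CN log message format shown above, reads UnprotectedMethods from the properties text, and reports which events the setting exempts and whether a state-changing method has been exempted by mistake. The sample log lines, the 192.0.2.10 address, the STATE_CHANGING list and the function names are constructed for illustration.

```python
import re

# Layout of the CN log message quoted in this article.
CSRF_EVENT = re.compile(
    r"potential cross-site request forgery \(CSRF\) attack thwarted "
    r"\(user:(?P<user>[^,]*), ip:(?P<ip>[^,]*), method:(?P<method>[A-Z]+), "
    r"uri:(?P<uri>[^,]*), error:(?P<error>.*)\)"
)
PROPERTY = "org.owasp.csrfguard.UnprotectedMethods"
# Assumption of this example: methods that should keep their token check.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample: the first line has the article's format, the second is invented.
SAMPLE_LOG = [
    "potential cross-site request forgery (CSRF) attack thwarted (user:, ip:192.0.2.10, "
    "method:OPTIONS, uri:/ui/default/00000000-000000/core/, "
    "error:required token is missing from the request)",
    "potential cross-site request forgery (CSRF) attack thwarted (user:, ip:192.0.2.10, "
    "method:POST, uri:/ui/default/00000000-000000/core/, "
    "error:required token is missing from the request)",
]

def unprotected_methods(properties_text):
    """Return the methods listed in UnprotectedMethods (empty set if absent)."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == PROPERTY:
            return {m.strip().upper() for m in value.split(",") if m.strip()}
    return set()

def triage(log_lines, properties_text):
    """Sort CSRF events by whether the configured setting exempts their method."""
    exempt = unprotected_methods(properties_text)
    result = {"risky_exemptions": sorted(exempt & STATE_CHANGING),
              "exempted": [], "still_reported": []}
    for line in log_lines:
        match = CSRF_EVENT.search(line)
        if match:
            event = match.groupdict()
            bucket = "exempted" if event["method"] in exempt else "still_reported"
            result[bucket].append(event)
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, PROPERTY + "=GET,OPTIONS"))
```

Events left in still_reported after the change are not explained by this article and deserve a separate look.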