How does OpenMetadata ensure security with the prevention of CSRF? #5478
How does OpenMetadata ensure security with the prevention of CSRF (Cross-Site Request Forgery)? How do you prevent other websites from using the token from OpenMetadata to make requests? Also, what if someone has custom fields which redirect to other websites, like the links to other websites that are passed in as Markdown?
Replies: 1 comment
A valid token needs to be passed in the headers and nobody else can read that token. With secure deployment of OpenMetadata, the server requires a "Bearer Token" in the header of every API request. In the frontend, when a user logs in to OpenMetadata with the configured SSO, the frontend gets a JWT token and passes it to the server upon each request. This JWT token is generally a short-lived token and will be refreshed with a refresh token based on the SSO configured.