HP FutureSmart - Preventing cross site request forgery (CSRF) attack using CSRF-tokens (white paper)
4
This security feature would have impact on any SW Tools or Solutions that uses HTML form data directly in HTTP POST;
aka “Screen Scraping” to manage settings on the devices. Origin/Referer header or CSRFToken must be present without
which request will not be serviced.
Note: CSRF Protection can be disabled from the EWS or using WS*. The EWS page configuration setting under the
“Security” tab is shown below. The default setting is enabled.