You are currently reviewing an older revision of this page.
When navigating throughout an Appian environment, users may see the following error in the server log:
WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]
In the httpd.conf file, change the Set-Cookie configuration to allow for a regex that excludes the CSRF tokens. The names of the CSRF tokens are _appianCsrfToken and _appianMultipartCsrfToken.
More information on how to exclude cookies from the HttpOnly setting can be found here: https://www.tunetheweb.com/security/http-security-headers/secure-cookies/
This article applies to all versions of Appian using Apache as a web server.
Last Reviewed: May 2018
© 2020 Appian. All rights reserved.