Cross-site request forgery (CSRF) is a type of malicious attack that tricks a user into sending unintended requests. For example, an attacker can trick an authenticated user into clicking a link to update their personal information. Web Sphere Commerce accepts this request as valid, as proper session cookies exist as part of the request. When cross-site request forgery protection is enabled, a designated URL parameter that is called authToken is required to be included as part of the request. The parameter value is generated by WebSphere Commerce and passed to the page in a request attribute with the same name. The authToken parameter is available only on SSL protected pages because this token must not be apparent. Only sensitive URLs that use SSL should require this protection. Identify the action to protect. For example, UserRegistrationAdd. Open the Struts configuration file where the action is defined. Add a property to the action. Name the property, csrfProtect