We regularly have to run webinspect scans on our CF servers. Recently, we started getting CSRF findings on both our new CF11 servers as well as our one remaining CF9 server. After doing research, it appears that with CF10 and later, there are tags to remediate this. My questions are:
- is this the only method to remediate? Are we really going to have to add this token logic to every form that the scan finds, which could be hundreds?
- is there not some administrator parameter that can remediate this across the server?