It will be very good if OS give CSRF token by default without manually doing something like session values with hidden input.Also the same for API and Mobile apps.
Hi Amol,
https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/How_OutSystems_Platform_helps_you_develop_secure_applications/05_Protecting_OutSystems_apps_from_Cross_Site_Request_Forgery_attacks
"The current version of the OutSystems platform has built-in protection against CSRF attacks for POST requests, as described in https://success.outsystems.com/Evalu...ith_OutSystems.
Refer to this page only for old OutSystems platform versions."
Best,
Joao
Yep as Joao said it's built in. We have had third party penertration testing done on our projects and passed CSRF checks
Thanks Joao,I will try to implement the same.