Should you want to learn more about this, this should be useful https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
Mostly, it does not affect you, but in some cases it does. Here are some of the scenarios.
- You are making an XMLHttpRequest with method POST, PUT or DELETE without using the Alfresco.util.Ajax or alfresco/core/CoreXhr classes
- You are making a form upload with enctype multipart/form-data without using Alfresco.forms.Form
- You are using a flash movie inside Share to send http requests with method POST
- You are writing a non-browser client, i.e. a mobile app
- Another system is sending POST requests to your Alfresco Share server
- You are running Alfresco Share behind one or more proxy server(s) and I get errors…
For that, simply add the following code snippet in your share-config-custom.xml file.
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
Thanks to Erik Winlof for the detailed information.