TeamCity
 
You are viewing the documentation for an earlier version of TeamCity.

CSRF Protection

Last modified: 19 August 2020

Сross-Site Request Forgery (CSRF) protection in TeamCity has been implemented since version 2017.1 (issue ). This protection implies a number of requirements on HTTP requests.

Since version 2020.1, TeamCity uses only CSRF tokens as a protection measure. In previous versions of TeamCity, Origin/Referer headers were also used.

To obtain a security token, send the GET https://your-server/authenticationTest.html?csrf request.
To pass the token, use the X-TC-CSRF-Token HTTP request header or the tc-csrf-token HTTP parameter.