We have observed that when we log on to Sterling Integrator through the browser portal, the URL displays the CSRF securetoken for that particular session. When a correct user login credential is submitted to the SI web server, a sequence of web "GET" requests is submitted from the user workstation to the SI web servers. When a request is submitted to /user/CSRFInfo, it returns a securetoken. This securetoken serves as a CSRF token to mitigate Cross-Site Request Forgery.
Our internal audit has identified this as a concern on security grounds.
We request that you modify the product so that it doesn't display this token information in the URL, please.