New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
This question about Configuration: Answered but needs rewriting

How to disable Cross Site Request Forgery ( CSRF ) warning?

I am integrating foswiki as an intranet solution for a firm with about 1000 emplyees. The webserver and everything is heavyly shielded and the authentication unique to the person. I get questions all the time from people how feel threatened by the CSRF warning. And I don't see any need for this warning in enviroment but was not able to find a clean solution to disable it. I guess i overlooked it. Anyway. Maybe a it's good to have this question answered for your support database. And of course you would help us very much with it smile

Kind regards,

-- EnrikGuenter - 24 Nov 2010

If you are referring to the page that is headed "Warning! Confirmation required" (or local language equivalent) then you can change the behaviour in configure:

Security and Authentication ... Sessions ... {Validation}{Method} defaults to strikeone but can be set to none to disable CSRF warnings.

-- MartinRowe - 24 Nov 2010

I have had the same problem of "Warning! Confirmation required" sites popping up everytime a change was submitted to the wiki (edit, user registration, etc.) after upgrading from 1.0.9 to 1.1.2. Even worse some Firefox browsers didn't even showed an OK button.

Setting the {Validation}{Method} to embedded did the trick for me even if the OK button is still missing sometimes.

-- PhilippWeber - 26 Nov 2010

QuestionForm edit

Subject Configuration
Version Foswiki 1.1.2
Status Answered but needs rewriting
Topic revision: r3 - 26 Nov 2010, PhilippWeber - This page was cached on 15 Aug 2018 - 03:56.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy