This question about Configuration: Answered but needs rewriting

How to disable Cross Site Request Forgery ( CSRF ) warning?

I am integrating foswiki as an intranet solution for a firm with about 1000 emplyees. The webserver and everything is heavyly shielded and the authentication unique to the person. I get questions all the time from people how feel threatened by the CSRF warning. And I don't see any need for this warning in enviroment but was not able to find a clean solution to disable it. I guess i overlooked it. Anyway. Maybe a it's good to have this question answered for your support database. And of course you would help us very much with it smile

Kind regards,

-- EnrikGuenter - 24 Nov 2010

If you are referring to the page that is headed "Warning! Confirmation required" (or local language equivalent) then you can change the behaviour in configure:

Security and Authentication ... Sessions ... {Validation}{Method} defaults to strikeone but can be set to none to disable CSRF warnings.

-- MartinRowe - 24 Nov 2010

I have had the same problem of "Warning! Confirmation required" sites popping up everytime a change was submitted to the wiki (edit, user registration, etc.) after upgrading from 1.0.9 to 1.1.2. Even worse some Firefox browsers didn't even showed an OK button.

Setting the {Validation}{Method} to embedded did the trick for me even if the OK button is still missing sometimes.

-- PhilippWeber - 26 Nov 2010

QuestionForm edit

Subject Configuration
Version Foswiki 1.1.2
Status Answered but needs rewriting
Topic revision: r3 - 26 Nov 2010, PhilippWeber - This page was cached on 06 Aug 2020 - 21:25.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy