Foswiki provides advanced protection against Cross-Site Request Forgery - CSRF ( Wikipedia:Cross-site_request_forgery
- Field Validations - can detect and provide more immediate user notice of invalid names.
The Foswiki configuration tool
How to enable or disable CSRF validation.
The below documentation taken from the Foswiki configuration tool. On Foswiki version 1.0.x, this parameter is located in the "Security" section in the "Sessions" group. It is an "expert" parameter. Click the [Yes, I've read all the documentation]
button to reveal the setting. In the upcoming release of Foswiki 1.1, this setting will be visible by default, and not hidden as an expert setting.
- If it is set to "embedded", then embedded validation keys will be used.
- If it is set to "none", then no validation of posted requests will be performed.