mirrors/TiddlyWiki5
1
0
Fork 0
mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2024-11-23 18:17:20 +00:00
Code Issues Releases Wiki Activity

Docs: Update WebServer Parameter: csrf-disable

Browse Source
This commit is contained in:
Jermolene 2019-04-23 17:53:19 +01:00
parent df416814b1
commit 4401e71498
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
editions/tw5.com/tiddlers/webserver/WebServer Parameter_ csrf-disable.tid
View File

@ -1,10 +1,12 @@
caption: csrf-disable
created: 20180630180340448
modified: 20180702142051779
modified: 20190419171355307
tags: [[WebServer Parameters]]
title: WebServer Parameter: csrf-disable
type: text/vnd.tiddlywiki
The [[web server configuration parameter|WebServer Parameters]] ''csrf-disable'' causes the usual [[cross-site request forgery|https://en.wikipedia.org/wiki/Cross-site_request_forgery]] checks to be disabled. This might be necessary in unusual or experimental configurations.
Setting ''csrf-disable'' to `yes` disables the CSRF checks; `no` (or any other value) enables them.
The only currently implemented check is the use of a [[custom header|https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers]] called `x-requested-with` that must contain the string `TiddlyWiki` in order for write requests to succeed.