We're updating the issue view to help you get more done.Learn more

Admin CSRF Protection: ability to turn off / configure timeout

For some scenarios, CSRF protection is not worth the annoyance that it generates. i.e. the risk of a CSRF attack against a small site with it's own admin URL is so small that the annoyance of getting timed out forms outweighs the benefit.

Add ability to configure CSRF Protection timeouts and to turn it off altogether (for the admin)

Status

Assignee

Unassigned

Reporter

Dominic Watson

Accepted

Yes

Fix versions

Priority

Medium