  1. PRESIDECMS-960

Admin CSRF Protection: ability to turn off / configure timeout

    Details

    • Type: Improvement
    • Status: Done
    • Priority: Medium
    • Resolution: Done
    • Affects versions: None
    • Fix versions: 10.9.0
    • Labels:
      None
    • Sprint:
    • Accepted:
      Yes

      Description

      For some scenarios, CSRF protection is not worth the annoyance that it generates, i.e. the risk of a CSRF attack against a small site with its own admin URL is so small that the annoyance of getting timed-out forms outweighs the benefit.

      Add ability to configure CSRF Protection timeouts and to turn it off altogether (for the admin)

            People

            • Assignee:
              Unassigned
              Reporter:
              admin Dominic Watson