Set CSRF on as the default for new installs. Fixes #2507 (#2508)

* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations.

* Fix the spelling mistake that I noticed after editing this.
This commit is contained in:
Steve Gilvarry 2019-02-11 05:08:58 +11:00 committed by Isaac Connor
parent c9032d3cb4
commit 87413d447d
1 changed files with 2 additions and 6 deletions

View File

@ -366,7 +366,7 @@ our @options = (
},
{
name => 'ZM_ENABLE_CSRF_MAGIC',
default => 'no',
default => 'yes',
description => 'Enable csrf-magic library',
help => q`
CSRF stands for Cross-Site Request Forgery which, under specific
@ -375,11 +375,7 @@ our @options = (
this, the attacker must write a very specific web page and get
you to navigate to it, while you are logged into the ZoneMinder
web console at the same time. Enabling ZM_ENABLE_CSRF_MAGIC will
help mitigate these kinds of attackes. Be warned this feature
is experimental and may cause problems, particularly with the API.
If you find a false positive and can document how to reproduce it,
then please report it. This feature defaults to OFF currently due to
its experimental nature.
help mitigate these kinds of attacks.
`,
type => $types{boolean},
category => 'system',