From 87413d447dcf95d8c35fbc565c504c6ceed2b256 Mon Sep 17 00:00:00 2001
From: Steve Gilvarry
Date: Mon, 11 Feb 2019 05:08:58 +1100
Subject: [PATCH] Set CSRF on as the default for new installs. Fixes #2507 (#2508)
* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations.
* Fix the spelling mistake that I noticed after editing this.
---
 scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in
index ff5b6ea33..536389062 100644
--- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in
+++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in
@@ -366,7 +366,7 @@ our @options = (
 },
 {
 name => 'ZM_ENABLE_CSRF_MAGIC',
- default => 'no',
+ default => 'yes',
 description => 'Enable csrf-magic library',
 help => q`
 CSRF stands for Cross-Site Request Forgery which, under specific
@@ -375,11 +375,7 @@ our @options = (
 this, the attacker must write a very specific web page and get you to navigate to it, while you are logged into the ZoneMinder web console at the same time. Enabling ZM_ENABLE_CSRF_MAGIC will
- help mitigate these kinds of attackes. Be warned this feature
- is experimental and may cause problems, particularly with the API.
- If you find a false positive and can document how to reproduce it,
- then please report it. This feature defaults to OFF currently due to
- its experimental nature.
+ help mitigate these kinds of attacks.
 `,
 type => $types{boolean},
 category => 'system',
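Review bot: The rewritten help text in the second hunk no longer states what ZM_ENABLE_CSRF_MAGIC defaults to, and the first hunk changes `default` to `'yes'` only in this options table, so an administrator reading the help cannot tell whether CSRF protection is actually active on their system. Nothing visible in either hunk applies the new default to a configuration that already stores `'no'`, so an upgraded install may remain unprotected with no hint in the UI. I would add a sentence to the help string such as `This option is enabled by default on new installations; after upgrading an older installation, check that it is set to yes.` The removed text also named the API as a source of false positives; if that can still happen, one line saying so should stay, so that a failing API client is diagnosed rather than the protection being switched off. The option's hash entry continues past the end of the second hunk.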