Set CSRF on as the default for new installs. Fixes #2507 (#2508)

* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations.

* Fix the spelling mistake that I noticed after editing this.
Steve Gilvarry 2019-02-11 05:08:58 +11:00 committed by Isaac Connor
parent c9032d3cb4
commit 87413d447d
1 changed files with 2 additions and 6 deletions

@ -366,7 +366,7 @@ our @options = (
}, },
{ {
name => 'ZM_ENABLE_CSRF_MAGIC', name => 'ZM_ENABLE_CSRF_MAGIC',
default => 'no', default => 'yes',
description => 'Enable csrf-magic library', description => 'Enable csrf-magic library',
help => q` help => q`
CSRF stands for Cross-Site Request Forgery which, under specific CSRF stands for Cross-Site Request Forgery which, under specific
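Review bot: Flipping `default => 'no'` to `default => 'yes'` for ZM_ENABLE_CSRF_MAGIC only protects fresh installs, and the commit message itself says existing installations may not be affected, so upgraded systems will keep running with the CSRF protection off. Either add an upgrade step that changes the stored value where it still matches the old default, or state in the release notes that administrators of existing installs need to enable ZM_ENABLE_CSRF_MAGIC by hand. The one-line description 'Enable csrf-magic library' could also say that this is the CSRF protection for the web console, since it is now on by default and will be the first thing an admin reads when something is rejected.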
@ -375,11 +375,7 @@ our @options = (
this, the attacker must write a very specific web page and get this, the attacker must write a very specific web page and get
you to navigate to it, while you are logged into the ZoneMinder you to navigate to it, while you are logged into the ZoneMinder
web console at the same time. Enabling ZM_ENABLE_CSRF_MAGIC will web console at the same time. Enabling ZM_ENABLE_CSRF_MAGIC will
help mitigate these kinds of attackes. Be warned this feature help mitigate these kinds of attacks.
is experimental and may cause problems, particularly with the API.
If you find a false positive and can document how to reproduce it,
then please report it. This feature defaults to OFF currently due to
its experimental nature.
`, `,
type => $types{boolean}, type => $types{boolean},
category => 'system', category => 'system',
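Review bot: The removed help text warned that the feature "may cause problems, particularly with the API", and with the default now 'yes' that is exactly when an administrator needs the hint, so dropping the whole warning leaves no pointer for someone whose API client starts failing after a new install. If the API issue is resolved, say so in the commit message; if not, keep one sentence in the help noting that API clients may be affected and that ZM_ENABLE_CSRF_MAGIC can be turned off while a reproducible false positive is reported. Removing the "defaults to OFF currently" sentence is correct, and the attackes/attacks spelling fix is fine.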