* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations.
* Fix the spelling mistake that I noticed after editing this.
parent c9032d3cb4
commit 87413d447d
|
@ -366,7 +366,7 @@ our @options = (
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name => 'ZM_ENABLE_CSRF_MAGIC',
|
name => 'ZM_ENABLE_CSRF_MAGIC',
|
||||||
default => 'no',
|
default => 'yes',
|
||||||
description => 'Enable csrf-magic library',
|
description => 'Enable csrf-magic library',
|
||||||
help => q`
|
help => q`
|
||||||
CSRF stands for Cross-Site Request Forgery which, under specific
|
CSRF stands for Cross-Site Request Forgery which, under specific
|
||||||
|
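Review bot: The only change to ZM_ENABLE_CSRF_MAGIC in this hunk is `default => 'yes'`, and nothing here touches a value that is already stored, so an upgraded system that holds 'no' may keep running without CSRF protection. The commit message raises the same doubt. Either add an upgrade step that enables the option when it still carries the old default, or call it out in the upgrade notes so administrators of existing installs know to turn it on by hand.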
@ -375,11 +375,7 @@ our @options = (
|
||||||
this, the attacker must write a very specific web page and get
|
this, the attacker must write a very specific web page and get
|
||||||
you to navigate to it, while you are logged into the ZoneMinder
|
you to navigate to it, while you are logged into the ZoneMinder
|
||||||
web console at the same time. Enabling ZM_ENABLE_CSRF_MAGIC will
|
web console at the same time. Enabling ZM_ENABLE_CSRF_MAGIC will
|
||||||
help mitigate these kinds of attackes. Be warned this feature
|
help mitigate these kinds of attacks.
|
||||||
is experimental and may cause problems, particularly with the API.
|
|
||||||
If you find a false positive and can document how to reproduce it,
|
|
||||||
then please report it. This feature defaults to OFF currently due to
|
|
||||||
its experimental nature.
|
|
||||||
`,
|
`,
|
||||||
type => $types{boolean},
|
type => $types{boolean},
|
||||||
category => 'system',
|
category => 'system',
|
||||||
|
|
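Review bot: The help text after "help mitigate these kinds of attacks." no longer says anything about API problems or about reporting false positives, and it does not state the new default. Removing "This feature defaults to OFF" is right, but if the API incompatibility mentioned in the removed lines has not been resolved, users who now get the option enabled by default lose the only hint about where failures may come from. Consider keeping one sentence that names the API caveat and how to report a reproducible false positive, and add that the option is on by default for new installs.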