* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations. * Fix the spelling mistake that I noticed after editing this.
This commit is contained in:
parent
c9032d3cb4
commit
87413d447d
|
@ -366,7 +366,7 @@ our @options = (
|
|||
},
|
||||
{
|
||||
name => 'ZM_ENABLE_CSRF_MAGIC',
|
||||
default => 'no',
|
||||
default => 'yes',
|
||||
description => 'Enable csrf-magic library',
|
||||
help => q`
|
||||
CSRF stands for Cross-Site Request Forgery which, under specific
|
||||
|
@ -375,11 +375,7 @@ our @options = (
|
|||
this, the attacker must write a very specific web page and get
|
||||
you to navigate to it, while you are logged into the ZoneMinder
|
||||
web console at the same time. Enabling ZM_ENABLE_CSRF_MAGIC will
|
||||
help mitigate these kinds of attackes. Be warned this feature
|
||||
is experimental and may cause problems, particularly with the API.
|
||||
If you find a false positive and can document how to reproduce it,
|
||||
then please report it. This feature defaults to OFF currently due to
|
||||
its experimental nature.
|
||||
help mitigate these kinds of attacks.
|
||||
`,
|
||||
type => $types{boolean},
|
||||
category => 'system',
|
||||
|
|
Loading…
Reference in New Issue