This page last changed on Jul 06, 2010 by alui.

Confluence requires an XSRF (Cross-Site Request Forgery) token to be present on comment creation, to prevent users from being tricked into unintentionally submitting malicious data. All of the themes bundled with Confluence have been designed to use this feature. However, if you are using a custom theme that does not support this security feature, you can disable it.

Please carefully consider the security risks before you disable XSRF protection in your Confluence installation.

To configure XSRF protection:

  1. Go to the Confluence 'Administration Console'. To do this:

    • Open the 'Browse' menu and select 'Confluence Admin'. The 'Administrator Access' login screen will be displayed.
    • Enter your password and click 'Confirm'. You will be temporarily logged into a secure session to access the 'Administration Console'.
  2. Click 'Security Configuration' in the 'Security' section. The 'Edit Security Configuration' screen will be displayed.
  3. Click the 'Edit' link.
  4. To disable XSRF protection, uncheck the 'Add Comments' checkbox in the 'XSRF Protection' section.
  5. Click the 'Save' button.

Screenshot: Configuring XSRF protection
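
Before disabling the protection for a custom theme, it can help to confirm which of its templates actually render a comment form without the token. The script below is an added example, not part of the original Confluence documentation or Atlassian's code. It assumes the token field is named `atl_token`, is emitted in Velocity templates by `#form_xsrfToken()`, and that comments post to `doaddcomment.action` (names taken from Atlassian's form-token documentation, not from this page); the sample templates are constructed.

```python
import re

# Assumed names, taken from Atlassian's form-token documentation rather than
# this page: the token is the "atl_token" form field, Velocity templates emit
# it with #form_xsrfToken(), and comments post to doaddcomment.action.
COMMENT_ACTION = "doaddcomment.action"
FORM_RE = re.compile(r"<form\b(?P<attrs>[^>]*)>(?P<body>.*?)</form\s*>", re.I | re.S)
ACTION_RE = re.compile(r"""\baction\s*=\s*["']([^"']*)["']""", re.I)
TOKEN_RE = re.compile(
    r"""<input\b[^>]*\bname\s*=\s*["']atl_token["']|#form_xsrfToken\s*\(\s*\)""", re.I)
# HTML comments, Velocity block comments and Velocity line comments.
COMMENTED_RE = re.compile(r"<!--.*?-->|#\*.*?\*#|##[^\n]*", re.S)


def audit_template(name, text):
    """Return one finding per comment-creation form found in a template."""
    # Blank out commented markup (keeping newlines) so a disabled macro is ignored.
    live = COMMENTED_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), text)
    findings = []
    for form in FORM_RE.finditer(live):
        action = ACTION_RE.search(form.group("attrs"))
        if not action or COMMENT_ACTION not in action.group(1).lower():
            continue  # some other form, e.g. search
        findings.append({
            "template": name,
            "line": live.count("\n", 0, form.start()) + 1,
            "has_token": bool(TOKEN_RE.search(form.group("body"))),
        })
    return findings


def templates_missing_token(templates):
    """Names of templates (dict name -> text) with an unprotected comment form."""
    return sorted({f["template"] for name, text in templates.items()
                   for f in audit_template(name, text) if not f["has_token"]})


# Constructed sample templates, not taken from any real theme.
SAMPLES = {
    "comments-ok.vm": '<form method="post" action="/pages/doaddcomment.action?pageId=1">\n'
                      '  #form_xsrfToken()\n  <textarea name="content"></textarea>\n</form>\n',
    "comments-custom.vm": '<div>\n<form method="post" action="/pages/doaddcomment.action?pageId=1">\n'
                          '  ## #form_xsrfToken()\n  <textarea name="content"></textarea>\n</form>\n</div>\n',
    "search.vm": '<form action="/search"><input name="q"></form>\n',
}

if __name__ == "__main__":
    for name in templates_missing_token(SAMPLES):
        print("comment form without XSRF token:", name)
```

A template reported here is one whose comment form would be rejected while the 'Add Comments' checkbox is enabled; adding the token to that form is the alternative to unchecking it.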

Document generated by Confluence on Mar 16, 2011 18:30