NEW The protection MAIN_SECURITY_CSRF_WITH_TOKEN=1 is on by default

Laurent Destailleur 2021-09-29 17:34:31 +02:00
parent 670a80c74c
commit a9805fbfc1


@ -826,9 +826,10 @@ class Conf
$this->global->MAIN_MODULE_DOLISTORE_API_KEY = 'dolistorecatalogpublickey1234567';
}
// If we are in develop mode, we activate the option MAIN_SECURITY_CSRF_WITH_TOKEN to 1 if not already defined.
if (!isset($this->global->MAIN_SECURITY_CSRF_WITH_TOKEN) && $this->global->MAIN_FEATURES_LEVEL >= 2) {
$this->global->MAIN_SECURITY_CSRF_WITH_TOKEN = 1;
// Enable by default the CSRF protection by token.
if (!isset($this->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) {
$this->global->MAIN_SECURITY_CSRF_WITH_TOKEN = 1; // Value 2 uses also CSRF check for all GET requests
// Note: Set MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL=1 to have a renewal of token at each page call instead of each session (not recommended)
}
if (defined('MAIN_ANTIVIRUS_COMMAND')) {
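Review bot: The new default on the `MAIN_SECURITY_CSRF_WITH_TOKEN = 1` line is applied only when the option is unset, so an installation that already stores an explicit 0 keeps the token check off after upgrading, and the comment does not say so. Judging by the inline remark that value 2 also checks all GET requests, value 1 leaves at least some GET requests outside the check; the enforcement code is not in this hunk, so that is inferred and worth confirming for any action still reachable by GET. I would state both facts next to the assignment, for example `// An explicit 0 in the stored configuration still disables the token check; value 1 does not cover all GET requests (see value 2).`, and move the note about MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL above the `if` so that it does not read as part of the branch body. The enclosing method of class Conf starts and ends outside the hunk.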