User Tools

Site Tools


security:csrf

CSRF Protection

GetSimple 3.0+ has a built-in security system to prevent CSRF. This will prevent attempts to create malicious cross-site attacks aimed at exploiting and/or compromising your GetSimple installation.

While, not recommended unless you are having problems: you can turn off CSRF protection (3.1+ only) via a gsconfig.php setting.

Reasons for False CSRF Errors

In rare circumstances, your GetSimple installation will give you false CSRF notices, and will not allow you to perform any actions such as saving/creating pages, deleting file, etc. This is a maintained list of reasons why this may happen:

  • File permissions are set to 0755 instead of 0644
security/csrf.txt · Last modified: 2013/04/19 15:04 (external edit)