User Tools

Site Tools


security:csrf

This is an old revision of the document!


CSRF Protection

GetSimple 3.0+ has a built-in security system to prevent CSRF. This will prevent attempts to create malicious cross-site attacks aimed at exploiting and/or compromising your GetSimple installation.

While, not recommended unless you are having problems: you can turn off CSRF protection (3.1+ only) via a gsconfig.php setting.

Reasons for False CSRF Problems

In rare circumstances, your GetSimple installation will give you false CSRF notices, and will not allow you to perform any actions such as saving/creating pages, deleting file, etc. This is a maintained list of reasons why this may happen:

  • File permissions are set to 0755 instead of 0644
security/csrf.1324647398.txt.gz · Last modified: 2013/04/19 14:57 (external edit)