Configuring XSRF Protection
Confluence requires an XSRF token to be present on comment creation, to prevent users from being tricked into unintentionally submitting malicious data. All the themes bundled with Confluence have been designed to use this feature. However, if you are using a custom theme that does not support this security feature, you can disable it.
Please carefully consider the security risks before you disable XSRF protection for comments in your Confluence installation.
Read more about XSRF (Cross Site Request Forgery) at cgisecurity.com.
To configure XSRF protection for comments:
- Choose the cog icon, then choose General Configuration under Confluence Administration.
- Choose Security Configuration in the left-hand panel.
- Choose Edit.
- Uncheck the Adding Comments checkbox in the XSRF Protection section, to disable XSRF protection.
- Choose Save.