Configuring XSRF Protection

Confluence requires an XSRF token to be present on comment creation, to prevent users being tricked into unintentionally submitting malicious data. All the themes bundled with Confluence have been designed to use this feature. However, if you are using a custom theme that does not support this security feature, you can disable it.

(warning) Please carefully consider the security risks before you disable XSRF protection for comments in your Confluence installation.

Read more about XSRF (Cross Site Request Forgery) at

To configure XSRF protection for comments:

  1. Select Administration , then select General Configuration
  2. Choose Security Configuration in the left-hand panel.
  3. Choose Edit.
  4. Uncheck the Adding Comments checkbox in the XSRF Protection section, to disable XSRF protection.
  5. Choose Save.
Last modified on Mar 31, 2023

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.