Documentation for Confluence 5.4.
Documentation for Confluence OnDemand and earlier versions of Confluence is available too.

Skip to end of metadata
Go to start of metadata

Confluence requires an XSRF token to be present on comment creation, to prevent users being tricked into unintentionally submitting malicious data. All the themes bundled with Confluence have been designed to use this feature. However, if you are using a custom theme that does not support this security feature, you can disable it.

(warning) Please carefully consider the security risks before you disable XSRF protection for comments in your Confluence installation.

Read more about XSRF (Cross Site Request Forgery) at cgisecurity.com.

To configure XSRF protection for comments:

  1. Choose the cog icon  at top right of the screen, then choose Confluence Admin.
  2. Choose Security Configuration in the left-hand panel.
  3. Choose Edit.
  4. Uncheck the Adding Comments checkbox in the XSRF Protection section, to disable XSRF protection.
  5. Choose Save.