Configuring XSRF Protection

Confluence has XSRF protection enabled by default. For example, the XSRF token must be sent on comment creation, to prevent users from being tricked into unintentionally submitting malicious data. All the themes bundled with Confluence have been designed to use this feature. However, if you are using a custom theme that does not support this security feature, you can disable it. Currently, we permit disabling the XSRF check solely for the endpoint used to add comments.

(warning) Please carefully consider the security risks before you disable XSRF protection for comments in your Confluence installation.

Read more about XSRF (Cross Site Request Forgery) at cgisecurity.com.

To configure XSRF protection for comments:

  1. Select Administration menu , then select General Configuration
  2. Select Security Configuration in the left-hand panel.
  3. Select Edit.
  4. Uncheck the Adding Comments checkbox in the XSRF Protection section, to disable XSRF protection.
  5. Select Save.
Last modified on Dec 10, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.