Configuring XSRF Protection

Confluence requires an XSRF token to be present on comment creation, to prevent users being tricked into unintentionally submitting malicious data. All the themes bundled with Confluence have been designed to use this feature. However, if you are using a custom theme that does not support this security feature, you can disable it.

Warning: Please carefully consider the security risks before you disable XSRF protection for comments in your Confluence installation.

Read more about XSRF (Cross Site Request Forgery) at cgisecurity.com.

To configure XSRF protection for comments:

  1. Error rendering macro 'excerpt-include'

    User 'null' does not have permission to view the page.

  2. Choose Security Configuration in the left-hand panel.
  3. Choose Edit.
  4. Uncheck the Adding Comments checkbox in the XSRF Protection section, to disable XSRF protection.
  5. Choose Save.
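
Before disabling the protection, a custom theme can be checked for comment forms that omit the token. The following is an added example, not Atlassian's code: it assumes the token appears in templates as the `#form_xsrfToken()` Velocity macro or an `atl_token` field, and that comment forms can be recognised by "comment" in the form action. The function name and the sample templates are constructed for illustration.

```python
import re

# Markers taken to mean a form carries the XSRF token: the Velocity macro
# #form_xsrfToken() or an explicit atl_token field (assumption, see lead-in).
TOKEN_MARKERS = re.compile(r"#form_xsrfToken\(\)|name\s*=\s*[\"']atl_token[\"']")
FORM_BLOCK = re.compile(r"<form\b(?P<attrs>[^>]*)>(?P<body>.*?)</form>", re.I | re.S)
ACTION_ATTR = re.compile(r"action\s*=\s*([\"'])(?P<url>.*?)\1", re.I | re.S)
METHOD_ATTR = re.compile(r"method\s*=\s*[\"']?(?P<m>\w+)", re.I)


def forms_missing_token(template_text, action_hint="comment"):
    """Return (line_number, action) for each POST form whose action contains
    action_hint (an assumed naming convention) and that has no XSRF token."""
    findings = []
    for match in FORM_BLOCK.finditer(template_text):
        attrs = match.group("attrs")
        method = METHOD_ATTR.search(attrs)
        if not method or method.group("m").lower() != "post":
            continue  # only state-changing submissions are of interest
        action = ACTION_ATTR.search(attrs)
        url = action.group("url") if action else ""
        if action_hint.lower() not in url.lower():
            continue  # not a comment form under the assumed convention
        if TOKEN_MARKERS.search(match.group("body")):
            continue  # token present, form is covered
        line = template_text.count("\n", 0, match.start()) + 1
        findings.append((line, url))
    return findings


# Constructed sample templates (not taken from any real theme).
UNPROTECTED = """<div class="comments">
<form method="post" action="$req.contextPath/pages/doaddcomment.action?pageId=$page.id">
  <textarea name="content"></textarea>
  <input type="submit" value="Post">
</form>
</div>
"""

PROTECTED = UNPROTECTED.replace(
    '<textarea name="content">',
    '#form_xsrfToken()\n  <textarea name="content">',
)

if __name__ == "__main__":
    for name, text in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, forms_missing_token(text))
```

A template that reports no findings already submits the token, so the Adding Comments checkbox can stay checked for that theme.
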
Last modified on Oct 9, 2013
