Configuring XSRF Protection
Confluence requires an XSRF token to be present on comment creation, to prevent users being tricked into unintentionally submitting malicious data. All the themes bundled with Confluence have been designed to use this feature. However, if you are using a custom theme that does not support this security feature, you can disable it.
Please carefully consider the security risks before you disable XSRF protection for comments in your Confluence installation.
Read more about XSRF (Cross Site Request Forgery) at cgisecurity.com.
To configure XSRF protection for comments:
- Choose the cog icon, then choose General Configuration under Confluence Administration.
- Choose Security Configuration in the left-hand panel.
- Choose Edit.
- Uncheck the Adding Comments checkbox in the XSRF Protection section, to disable XSRF protection.
- Choose Save.
Last modified on Dec 2, 2015