You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
During the installation the installer tells you to make the CSRF path read-only after the installation finished. It does not tell where it is or provide an example for how to set the write permissions.
The installation completes regardless of the setting but it causes a lot of permission error logging in the cacti log.
Also the csrf-secret.php file can be access directly, exposing the secret to the web. It should be hidden and not returning the plain secret.
To Reproduce
Install a fresh Cacti
Expected behavior
Either show example commands or move the csfr-secret.php somewhere where it can be written/created.
Screenshots
Desktop (please complete the following information)
OS: [e.g. iOS]
Browser [e.g. chrome, safari]
Version [e.g. 22]
Smartphone (please complete the following information)
Device: [e.g. iPhone6]
OS: [e.g. iOS8.1]
Browser [e.g. stock browser, safari]
Version [e.g. 22]
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered:
@netniV, assigned this to you. I think at least in the example we should show the vendor directory, without much explanation as a directory that only requires write for install. This is a one line change. We can do something glorious (aka different) in 1.3.
Describe the bug
During the installation the installer tells you to make the CSRF path read-only after the installation finished. It does not tell where it is or provide an example for how to set the write permissions.
The installation completes regardless of the setting but it causes a lot of permission error logging in the cacti log.
Also the csrf-secret.php file can be access directly, exposing the secret to the web. It should be hidden and not returning the plain secret.
To Reproduce
Install a fresh Cacti
Expected behavior
Either show example commands or move the csfr-secret.php somewhere where it can be written/created.
Screenshots
Desktop (please complete the following information)
OS: [e.g. iOS]
Browser [e.g. chrome, safari]
Version [e.g. 22]
Smartphone (please complete the following information)
Device: [e.g. iPhone6]
OS: [e.g. iOS8.1]
Browser [e.g. stock browser, safari]
Version [e.g. 22]
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: