Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
http: Add config option to disable CSRF protection (Fixes: #1713) #1714
This will remove the requirement to set a
I am not sold on the config name but I wanted to make it really clear that setting it is less secure. Alternate name suggestions welcome.
Also, I am not 100% sure if we should be disabling all the protections (as is currently implemented here) or if we should just remove the requirement to set a
I think the config name is OK. Maybe flip it around and remove the
Looks good to me. Only suggestion I'd have is, if it's going to be called
and double negation always gives me headaches. But that's nit-picking, really.