You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current implementation of CSRF cause issues when hosting multiple Portainer instances on the same host (multiple exposed ports for example).
Plus, this implementation does not have any token validity check and token expiration policy.
It also requires the CSRF data generated by the server to be persisted in order to restart/ugprade the portainer instance associated to a specified domain, otherwise users would need to clean out the cookies associated to the domain in order to retrieve a token valid with the new instance.
The text was updated successfully, but these errors were encountered:
CSRF protection has been disabled in #310
The current implementation of CSRF cause issues when hosting multiple Portainer instances on the same host (multiple exposed ports for example).
Plus, this implementation does not have any token validity check and token expiration policy.
It also requires the CSRF data generated by the server to be persisted in order to restart/ugprade the portainer instance associated to a specified domain, otherwise users would need to clean out the cookies associated to the domain in order to retrieve a token valid with the new instance.
The text was updated successfully, but these errors were encountered: