Actions
Feature #25362
closed
option to disable csrf completely
Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2011-03-21
Due date:
% Done:
0%
Estimated time:
PHP Version:
5.2
Tags:
Complexity:
Sprint Focus:
Description
CSRF leads on productive systems with a lot of regular users to a lot of errors and frustration.
As long as it is not 100% teste and productively usable, it needs a disable function. Of course the basic idea is great, but because it leads to a lot of false positives (errors even if everything is right...) we have to be able to disable it in productive systems.
We'll make a patch-XCLASS extension to have a quick-fix.
> It's great to bring innovation but please fix the existing things and then innovate, don't add stuff to stuff that is not working yet :(
(issue imported from #M17995)
Updated by 
Updated by 
Updated by 
Updated by
Actions