Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Disable CSRF

    webGUI
    3
    8
    3696
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      Essential last edited by

      Hello all!

      My question is how i can disable CSRF at all pages? We trying make some automation for pfsense and this check give for us some problem.

      PS and maybe pfsense have some API? or something like that?

      1 Reply Last reply Reply Quote 0
      • GruensFroeschli
        GruensFroeschli last edited by

        It's under System–>Advanced-->Admin Access
        There you can also define alternative names which should be allowed.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • E
          Essential last edited by

          @GruensFroeschli:

          It's under System–>Advanced-->Admin Access
          There you can also define alternative names which should be allowed.

          What exactly you mean?

          1 Reply Last reply Reply Quote 0
          • GruensFroeschli
            GruensFroeschli last edited by

            I gave the answer to what you asked?
            Just tick the checkbox "Disable HTTP_REFERER enforcement check "

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • E
              Essential last edited by

              @GruensFroeschli:

              I gave the answer to what you asked?
              Just tick the checkbox "Disable HTTP_REFERER enforcement check "

              This chechbox dont disable csrf check  :(

              1 Reply Last reply Reply Quote 0
              • GruensFroeschli
                GruensFroeschli last edited by

                Then what do you think it does?
                It certainly allows me to access my pfSense with any name i point to the it….

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                1 Reply Last reply Reply Quote 0
                • C
                  cmb last edited by

                  The CSRF check is different and completely separate from the REFERER check. There is no way short of editing the source on all the pages to disable the CSRF checks.

                  1 Reply Last reply Reply Quote 0
                  • GruensFroeschli
                    GruensFroeschli last edited by

                    D'oh.
                    I feel stupid.
                    Sorry i mixed terms up…
                    i guess the answer is in the other thread in which you wrote where it's described how to change the code.

                    We do what we must, because we can.

                    Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post