This page is part of a static HTML representation of the TiddlyWiki at https://tiddlywiki.com/

WebServer Parameter: csrf-disable

19th April 2019 at 5:13pm
WebServer Parameters

The web server configuration parameter csrf-disable causes the usual cross-site request forgery checks to be disabled. This might be necessary in unusual or experimental configurations.

Setting csrf-disable to yes disables the CSRF checks; no (or any other value) enables them.

The only currently implemented check is the use of a custom header called x-requested-with that must contain the string TiddlyWiki in order for write requests to succeed.