Well, just for fun I thought I would increase store security a bit by turning on this switch in config.local.php:
'anti_csfr' => false, // protect forms from CSFR attacks (experimental)
'anti_csfr' => true, // protect forms from CSFR attacks (experimental)
That was a couple days ago, and I don't remember if I logged back in since as the Admin (or if I ever logged out, to be honest), but this morning when I tried to log in, instead of the admin panel I got this message in an otherwise blank page:
Access denied: CSRF attack
So I wonder now:
Is anyone here using this successfully? And how?
I know it says “experimental” and all, but a more secure site is a good thing to have.
Any advice appreciated!
(BTW, I was able to log in once I turned it back to “false”)