methier at CGR
Sep 14, 2012, 12:37 PM
Post #1 of 2
Any way to disable "cross-site request forgery" ?
We have a RT 4.0.7 instance setup that can be accessed by 2 different urls.
With one url we get this message:
RT has detected a possible cross-site request forgery for this
request, because the Referrer header supplied by your browser
(prodrt.rcs.fas.harvard.edu:443) is not allowed by RT's configured
hostname (prodrt.fas.harvard.edu:443). This is possibly caused by a
malicious attacker trying to perform actions against RT on your
behalf. If you did not initiate this request, then you should alert
your security team.
The other url path we don't. This is annoying to some of the people using RT.
Is there any way to disabled these warnings ? This didn't exist in an earlier
version of RT we were running (v3.8.8).