Hi,
I VERY often get the "hijack detected" message. I have read the explanation that it is about a hidden field with random data for protection and happens when many tabs are used or pages are reloaded. But it happens to me every third post. How do I disable this? We run WC in local network only.
Agreed, the CSRF protection is prone to false alarms, and very much a nuisance if you use multiple tabs. However, it had to be put into the code because a security group filed a vulnerability against WebCollab (for not having it).
I will do a patch for removing this. Obviously this is creating a potential security risk for you, but if you run on local network, the risk is limited.
I have looked carefully at the code. The code is fairly robust and should be working with multiple tabs, etc. What I do notice is that the 'timeout' period is very short. By default this is 5 minutes.
In the file [webcollab]/config/config.php look for 'TOKEN_TIMEOUT' and change this from 5 (minutes) to say 30, or even 60.
Let me know if that helps, or not.
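The behaviour discussed above, as an added example that is not part of the original thread and is not WebCollab's code: a hidden-field token check with a timeout, showing how a reloaded POST and a form left open past the timeout are both rejected while two tabs can coexist. The function names, the `$store` array standing in for session storage, and the single-use design are assumptions; only the 5 and 30 minute values come from the thread.

```php
<?php
// Added illustration, not WebCollab code. All names here are hypothetical.
const TOKEN_TIMEOUT_MINUTES = 5; // the default mentioned in the thread

// Issue a random token for one rendered form and record its issue time.
// $store stands in for per-user session storage.
function issue_token(array &$store, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $store[$token] = $now; // one entry per form, so several tabs coexist
    return $token;
}

// Check the hidden-field value from a POST.
// Returns 'ok', 'expired' (known token, too old) or 'unknown' (never issued or already used).
function check_token(array &$store, string $submitted, int $now, int $timeoutMinutes): string
{
    foreach ($store as $token => $issuedAt) {
        // Constant-time comparison; the cast guards against numeric array keys.
        if (!hash_equals((string) $token, $submitted)) {
            continue;
        }
        unset($store[$token]); // single use: resubmitting the same form fails
        return ($now - $issuedAt) > $timeoutMinutes * 60 ? 'expired' : 'ok';
    }
    return 'unknown';
}

// Constructed scenario with a fixed clock so the run is repeatable.
$store = [];
$t0 = 1700000000;
$tabA = issue_token($store, $t0);      // form opened in tab A
$tabB = issue_token($store, $t0 + 10); // second form opened in tab B

// Tab B submitted after one minute.
echo check_token($store, $tabB, $t0 + 60, TOKEN_TIMEOUT_MINUTES), "\n";
// The same POST reloaded in the browser.
echo check_token($store, $tabB, $t0 + 61, TOKEN_TIMEOUT_MINUTES), "\n";
// Tab A submitted after 12 minutes of writing, 5-minute timeout.
echo check_token($store, $tabA, $t0 + 12 * 60, TOKEN_TIMEOUT_MINUTES), "\n";
// A fresh form submitted after the same 12 minutes, 30-minute timeout.
$tabC = issue_token($store, $t0);
echo check_token($store, $tabC, $t0 + 12 * 60, 30), "\n";
```

A longer timeout reduces rejections for slowly written posts, at the cost of a longer window in which an issued token remains valid.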
Hi Andrew,
sorry to reply so late.
Since TOKEN_TIMEOUT is set by default to 30 minutes, I do not encounter this message.
It works properly, thank you.
Thanks. Hmmm... this thread was over two years old.