[rt-users] Any way to disable "cross-site request forgery" ?

Ethier, Michael methier at CGR.Harvard.edu
Fri Sep 14 15:37:06 EDT 2012


Hi,

We have a RT 4.0.7 instance setup that can be accessed by 2 different urls.
With one url we get this message:

RT has detected a possible cross-site request forgery for this
request, because the Referrer header supplied by your browser
(prodrt.rcs.fas.harvard.edu:443) is not allowed by RT's configured
hostname (prodrt.fas.harvard.edu:443). This is possibly caused by a
malicious attacker trying to perform actions against RT on your
behalf. If you did not initiate this request, then you should alert
your security team.

The other url path we don't. This is annoying to some of the people using RT.
Is there any way to disabled these warnings ? This didn't exist in an earlier
version of RT we were running (v3.8.8).

Thanks,
Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120914/f525d6d0/attachment.htm>


More information about the rt-users mailing list