caption: csrf-disable created: 20180630180340448 modified: 20180702142051779 tags: [[WebServer Parameters]] title: WebServer Parameter: csrf-disable type: text/vnd.tiddlywiki The [[web server configuration parameter|WebServer Parameters]] ''csrf-disable'' causes the usual [[cross-site request forgery|]] checks to be disabled. This might be necessary in unusual or experimental configurations. The only currently implemented check is the use of a [[custom header|]] called `x-requested-with` that must contain the string `TiddlyWiki` in order for write requests to succeed.