Security and App Bridging : $dolibarr_nocsrfcheck

weblan · September 30, 2017, 2:27am

In my default config file I have:
$dolibarr_nocsrfcheck=‘0’;
And there are no coding comments as to what the value ‘0’ or ‘1’ or any other would mean.

Does the value ‘0’ mean that this is preventing cross scripting security issues OR does it mean that it is turn off opening the site to security issues?

This came to my attention because while trying to get the MyDoli App to to connect to Dolibarr for remote management, it would not connect unless $dolibarr_nocsrfcheck was changed to ‘1’.

So if I change it to ‘1’ for MyDoli access, am I now opening a security issue.

Thanks

weblan · October 5, 2017, 7:59am

Does anyone know about the config settings or where to find config setting information about them.

It seems strange that this has every one stumped.

fappels · October 5, 2017, 2:56pm

Hi,

‘0’ means ‘Off’ and ‘1’ means ‘On’, so if you set to ‘On’ there will be NO CSRF Prevention.

weblan · October 6, 2017, 12:44am

Thank you fappels.

It seems that I will have to look for another Android App solution that keeps the security in place.