From 45a24df679ed7b576512cbfc206197bcfdb63c38 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 15 Jan 2019 14:07:05 +0100 Subject: [PATCH] More complete message --- htdocs/main.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 3f901ed0922..0315f17b743 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -380,7 +380,7 @@ if ((! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($conf-> if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! GETPOSTISSET('token')) // Note, offender can still send request by GET { print "Access by POST method refused by CSRF protection in main.inc.php. Token not provided.\n"; - print "If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file).\n"; + print "If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0 into setup).\n"; die; }