WARNING LocalSite.cfg could not be found (This is normal for a new installation)
This Foswiki is running using a bootstrap configuration worked out by detecting the layout of the installation. To complete the bootstrap process you should either:
  • Restore the missing LocalSite.cfg from a backup, or
  • Complete the new Foswiki installation:

You have been logged in as a temporary administrator. Any requests made to this Foswiki will be treated as requests made by an administrator with full rights Your temporary administrator rights will "stick" until you've logged out from this session.
A Proxy server was detected. {ForceDefaultUrlHost} has been enabled.

If this page is rendered without any styles and you are using SSL (https), your proxy server may be misconfigured. It must generate the X-Forwarded-Proto header. Try adding ?SSL=1 to the Foswiki URL to bypass this issue.

error Warning: Updates found for 1 extension(s): EditRowPlugin ... Upgrade
You are here: Foswiki>System Web>FAQWhyYouAreAskedToConfirm (06 Aug 2023, UnknownUser)Edit Attach

Why am I being asked to confirm?

This page explains one of the security measures that Foswiki, the software that runs this site, performs to secure this site from attackers.

Foswiki checks all requests it receives from browsers, and tries to check that the persons using the browsers intentionally sent them.

An evil person may try to use your login identity to change content in your wiki without your knowledge.

The attacker tries to use your rights to get things, like admin rights for the site.

This is also known as Cross-site Request Forgery, or CSRF.

In a possible scenario, an evil person has left a link to seduce you to visit a page on http://crime.org, which has some clever javascript on it.

Their intention is to automatically save compromising data by sending a request to your server, using your browser and your identity.

If Foswiki detects a suspicious request that may have been sent from such a page, then you are asked to confirm the request.

The checks performed by Foswiki can sometimes be triggered when you do something perfectly innocent, for instance if you click the Back button after saving a page. Foswiki then uses the approach "better safe than sorry".

You

Webserver running Foswiki

Who is requesting this, actually?

You

Evil person

Webserver running Foswiki

Not sure this is right, please confirm!

Confirmation required! Press OK to confirm this change was intentional
Press Cancel otherwise

OK

Cancel

Ah, no!

Ehm, let me go back to correct the page...

Webserver running Foswiki

Confirmation required! Press OK to confirm this change was intentional
Press Cancel otherwise

OK

Cancel

OK, this is still me!

Note: you must have Cookies and Javascript enabled in your browser to get past this screen. This is normally the case, but if something doesn't work, this is where to look first.

For more detailed information on cross-site request forgery, and the dangers it poses to you, see the Cross-site request forgery article on Wikipedia.

Wiki administrators should read about the SecurityFeatures topic on Foswiki.org.

Edit  | Attach |   | Print version | History: r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r1 - 06 Aug 2023, UnknownUser
This site is powered by FoswikiCopyright © by the contributing authors. All material on this site is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback