What is CSRF and how should I configure CSRF protection in Workbench?
CSRF stands for Cross-Site Request Forgery, an attack in which an attacker tricks a user into inserting or manipulating data on the attacker's behalf through a web site the user trusts. To protect Workbench and your data against this type of attack, CSRF protection is integrated into Workbench and relies on a “secret” stored on your Workbench instance. It is highly recommended that you change the default secret to something that only you have access to. To do this, open your configOverrides.php file, find the “CSRF SECURITY SETTINGS” section, change the default “CHANGE ME” to your own value, and uncomment the line by removing the leading double slashes (//).

In addition to the standard CSRF protection in Workbench, you can also enable Login CSRF Protection to block programmatic logins to Workbench, which could be used as an attack. Note that if Login CSRF Protection is enabled, benign programmatic logins such as those from Workbench Tools for Firefox will also be blocked. To enable Login CSRF Pr
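
Why changing the default secret matters, as an added PHP example (not Workbench's own code; this page does not describe how Workbench actually builds its tokens). It assumes a token computed as an HMAC of the session ID under the instance secret, and all function names and sample values are hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration, not Workbench source code; all names are hypothetical.

const DEFAULT_SECRET = 'CHANGE ME'; // the shipped default as quoted on this page

// Generate a replacement secret: 32 random bytes from the OS CSPRNG, hex-encoded.
function generate_secret(): string
{
    return bin2hex(random_bytes(32));
}

// Fail closed if the instance still runs with the shipped or an empty secret.
function require_private_secret(string $secret): void
{
    if ($secret === '' || hash_equals(DEFAULT_SECRET, $secret)) {
        throw new RuntimeException('CSRF secret is still the default; change it.');
    }
}

// Assumed scheme: bind a token to one session by keying an HMAC with the secret.
function csrf_token(string $secret, string $sessionId): string
{
    return hash_hmac('sha256', $sessionId, $secret);
}

// Compare the submitted token with the expected one in constant time.
function csrf_valid(string $secret, string $sessionId, string $submitted): bool
{
    return hash_equals(csrf_token($secret, $sessionId), $submitted);
}

$sessionId = 'constructed-session-0001'; // constructed sample value
$secret    = generate_secret();          // value you would place in your config
require_private_secret($secret);

$issued      = csrf_token($secret, $sessionId);         // minted by this instance
$fromDefault = csrf_token(DEFAULT_SECRET, $sessionId);  // minted with the public default

// A token minted by the instance validates against its private secret.
var_dump(csrf_valid($secret, $sessionId, $issued));
// A token minted with the public default does not validate once the secret is private.
var_dump(csrf_valid($secret, $sessionId, $fromDefault));
// An instance left on the default accepts tokens anyone can compute from that default.
var_dump(csrf_valid(DEFAULT_SECRET, $sessionId, $fromDefault));
```

The require_private_secret() check is the kind of startup guard that catches an instance deployed without the secret being changed.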