mirror of https://github.com/withastro/astro.git synced 2024-12-16 21:46:22 -05:00
astro/.changeset/itchy-toys-march.md
Emanuele Stoppa 7c0ccfc269
feat: change default value of checkOrigin (#11788)
* feat: change default value of `checkOrigin`

* feedback

* feedback

* change `checkOrigin`
2024-08-23 16:07:20 +01:00

---
'astro': major
---

Updates the default value of `security.checkOrigin` to `true`, which enables Cross-Site Request Forgery (CSRF) protection by default for pages rendered on demand.

If you had previously configured `security.checkOrigin: true`, you no longer need this set in your Astro config. This is now the default and it is safe to remove.

To disable this behavior and opt out of automatically checking that the “origin” header matches the URL sent by each request, you must explicitly set `security.checkOrigin: false`:

```diff
export default defineConfig({
+ security: {
+ checkOrigin: false
+ }
})
```
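
The kind of check that `security.checkOrigin` turns on, comparing the `Origin` header with the URL of the request, sketched as an added example; it is not Astro's implementation and not part of this changeset. The function name, the plain-object request shape, the exemption for safe methods and the rejection of a missing header are assumptions made for the illustration.

```javascript
// Added illustration of an Origin-versus-URL comparison.
// NOT Astro's code: originMatches(), the request shape and the policy
// choices marked "assumption" below are hypothetical.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// req: { method, url, headers } with lower-cased header names.
// Returns true when the request may proceed, false when it should be rejected.
function originMatches(req) {
  // Assumption: only state-changing methods are checked.
  if (SAFE_METHODS.has(req.method.toUpperCase())) return true;

  const origin = req.headers['origin'];
  // Assumption: a missing header, or the opaque value "null", is rejected.
  if (typeof origin !== 'string' || origin === 'null') return false;

  let claimed;
  try {
    claimed = new URL(origin);
  } catch {
    return false; // header is not a parseable origin
  }
  // URL.origin normalises host case and drops default ports, so
  // "https://SHOP.example:443" and "https://shop.example" compare equal,
  // while a look-alike host or a different scheme does not.
  return claimed.origin === new URL(req.url).origin;
}

// Constructed sample requests (not captured traffic).
const target = 'https://shop.example/api/cart';
const SAMPLES = [
  { method: 'POST', url: target, headers: { origin: 'https://shop.example' } },
  { method: 'POST', url: target, headers: { origin: 'https://evil.example' } },
  { method: 'POST', url: target, headers: {} },
  { method: 'POST', url: target, headers: { origin: 'null' } },
  { method: 'GET', url: target, headers: { origin: 'https://evil.example' } },
  { method: 'POST', url: target, headers: { origin: 'https://SHOP.example:443' } },
  { method: 'POST', url: target, headers: { origin: 'http://shop.example' } },
  { method: 'POST', url: target, headers: { origin: 'https://shop.example.evil.example' } },
];

function evaluateSamples() {
  return SAMPLES.map(originMatches);
}

console.log(evaluateSamples());
```
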