Is there a way to disable CSRF protection for one project?


We are on Community Edition 8.9.7. We have a team that is getting a CSRF error which is preventing them from taking their build to production. We’ve determined this vulnerability is not applicable in the project as it is an internal backend API.

Is there a way to disable this error/vulnerability for just this project?

Hey there.

If it’s a single issue raised by a single rule, it sounds like the best thing to do is for a user with Administer Issues permissions on the project to mark the issue as a false-positive.

Hi Colin,

Thanks for the response. The issue is actually showing in the Security Hotspot tab for the project, but I am unable to change the status. I’ve tried with both my personal account (with full admin perms) as well as our local admin, and neither one is able to change the status.

What permission is required to change the status?

Administer Security Hotspots
