Confluence requires an XSRF token to be present on comment creation, to prevent users being tricked into unintentionally submitting malicious data (read more about XSRF (Cross Site Request Forgery)). All of the themes bundled with Confluence have been designed to use this feature. However, if you are using a custom theme that does not support this security feature, you can disable it.

(warning) Please carefully consider the security risks before you disable XSRF protection in your Confluence installation.

 

To configure XSRF protection:

  2. Click 'Security Configuration' in the 'Security' section. The 'Edit Security Configuration' screen will be displayed.
  3. Click the 'Edit' link.
  4. To disable XSRF protection, uncheck the 'Add Comments' checkbox in the 'XSRF Protection' section.
  5. 保存」ボタンをクリックします。


Screenshot: Configuring XSRF protection