DiscourseConnect flow no longer functions

It’s now possible to disable the protection via the rails console by running

SiteSetting.discourse_connect_csrf_protection=false

You should only do this if you understand and accept the risks it introduces. For anyone hosted by discourse.org, please get in touch and we can flip the setting for you.

(cc @rysher who had a similar request)

9 Likes