How does SugarCRM handle form token authentication for preventing cross-site request forgery?

Question asked by Daniel Gray on Nov 17, 2015

I see that there is a config_override.php config page where you can set http_referer sites and a list of http_referer actions, but setting these doesn't make a difference. I created a mock login page on a separate host and was able to log in to SugarCRM even though I had added my Sugar instance host to the config_override.php settings. I am using SugarCRM CE 6.5.22. Any information regarding this aspect is much appreciated!