Forum Discussion
boneyard
Jul 14, 2015MVP
i would personally, certainly in a PoC, enable all three options in the blocking section for CSRF.
i checked in my lab, get the same situation with the comment on the script blocks but it works fine.
where exactly is the token expected where i doesn't show? remember there are cases where it isn't added specially in dynamically generated code.