瀏覽代碼

Update security scope

Laurent Destailleur 4 年之前
父節點
當前提交
ab5ac6a629
共有 1 個文件被更改,包括 1 次插入0 次删除
  1. 1 0
      SECURITY.md

+ 1 - 0
SECURITY.md

@@ -66,6 +66,7 @@ ONLY vulnerabilities discovered, when the following setup on tested platform is
 
 * $dolibarr_main_prod must be set to 1 into conf.php
 * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value)
+* $dolibarr_main_force_https must be set to something else than 0.
 * The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool)
 * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool)
 * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default)