Conferming actions to prevent exploits


while exploring the admin dashboard I must have inadvertently activated some action which causes an annoying message to come up everytime I click on a link in my intranet site.

The message is in italian but it saying that "This page is preventing attempted exploits ..." and then there is a button to confirm the action. Clearly I must have activated this but I can't seem to figure out how to switch it off. Next time I will make one change at a time and write down what I change ...

Can someone let me know how I switch it off?


This a warning from plone.protect. This happens when a GET request causes a write operation.

Unfortunately this protection is super flaky and error-peone with many false positives.

As Andreas already told you, this message comes from plone.protect. Its documentation on PyPI (--> "") tells you what it is for and how you can disable it (search that documentation for "disable").

Of course, disabling it causes the loss of the protection against some kinds of attacks (CSRF (= "Cross Site Request Forgery") attacks). A (not easy) alternative it to find out what objects are written by what code and fix it.