Disable back office token

[DARKF3D3]

There's a way to disable back office token?

I often keep several tabs of the browser opened with back office pages, the problem it's that after a while when reopening these tabs Prestashop show message: "Invalid token: direct access to this link may lead to a potential security breach", so I have to reload all these pages again.

This happens on PS1.7.7 (PHP7.3) while on the previous PS version I was using PS1.7.4 (PHP7.1) this didn't happen.
So I'm wondering if there's a way to avoid this.

[DARKF3D3]

Any help?

[dbdropper]

Found it! 

https://devdocs.prestashop-project.org/8/development/configuration/configuring-prestashop/#disable-the-back-office-token-protection

Apache with mod_headers:

SetEnv _TOKEN_ disabled

Nginx with ngx_http_headers_module:

add_header _TOKEN_ disabled;

 

[Julien Guézennec]

I was running this solution for month, it was nice, but this morning (24/1/24) the backoffice is in error 504...
Removed the Apache .htaccess instruction and it work again...

#SetEnv _TOKEN_ disabled

Anybody have solution to remove the token again ?

Prestashop log : 

*ERROR*     v1.7.8.11    2024/01/24 - 09:18:30: Token is not defined ! at line 229 in file modules/ps_metrics/src/Helper/PrestaShopHelper.php

Apache log :

2024-01-23 17:14:39Error217.30.10.68[client 217.30.10.68] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.officedental.fr"] [uri "/.env"] [unique_id "Za-l74e3vi0HlsyAzJfW9gAAANg"]