So I installed EE for the very first time. Copied the files, created the DB and user, ran the installation, and everything worked great.
Next, I go into my config file and set:
$config['csrf_protection'] = TRUE;
That’s all it takes… now I can’t log into the Control Panel! I get the “The action you have requested is not allowed.”
What am I doing wrong!?
Why are you trying to set that in your config file? I'm pretty sure csrf_protecton
is a CodeIgniter setting and not properly supported by EE. EE has other built in security measures to avoid CSRF attacks.