From 60eeb0d338910d1384e8de476dce4f1db56ea132 Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Wed, 21 Apr 2021 13:30:28 -0400
Subject: [PATCH] Hide the `oauth2_disable_csrf` setting (#41)

It can be useful for homegrown CSRF setups or while debugging but it is
not secure and should only be used if you really know what you're doing.
---
 config/settings.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/settings.yml b/config/settings.yml
index ab373e7..5fcec9d 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -49,3 +49,4 @@ login:
     default: false
   oauth2_disable_csrf:
     default: false
+    hidden: true