I'm running Moodle 2.9.1 and the Acunetix scanning tool reported many CSRF cases on different pages, please see attached `CSRF_files_list.txt` for the files list.
I'd read about this in Moodle docs where it's clearly stated that Moodle protects it self against this attack.
I'm confused because of having them, and forums say going https is sufficient to solve it, but mine is already so by using "https://" schema in the `$CFG->wwwroot`.
I don't know if it's serious issue or not, and even where to start digging? The one interested thing I found is that the page `/login/index.php` uses `$PAGE->set_url("$CFG->httpswwwroot/login/index.php");` which I couldn't find the `$CFG->httpswwwroot` configuration key in my site! is it anyhow relevant?
Any help is appreciated.