This is a long-pending issue, and there is still no suitable solution available.
Drupal version 7.56 and anonymous forms like user login, view-exposed-filter-forms, etc.
There is no CSRF protection for these forms, and is there further description available that explains why it is not required?
But almost all security vulnerability software will give a Medium-High risk warning for these forms, saying that they are susceptible to CSRF forgery.
Is there something that we can do to remove these security warnings? I have tried hacking the /includes/common.inc methods, viz. drupal_get_token() and drupal_valid_token(), to use the IP address if no anonymous session is available. But then token validity fails for all the forms.
I am stuck; kindly help me.