Why am I being asked to confirm?

Foswiki checks all requests it receives from browsers, and tries to check that the persons using the browsers intentionally sent them.

An evil person may try to use your login identity to change content in your wiki without your knowledge.

The attacker tries to use your rights to get things, like admin rights for the site.

This is also known as Cross-site Request Forgery, or CSRF.

In a possible scenario, an evil person has left a link to seduce you to visit a page on http://crime.org, which has some clever javascript on it.

Their intention is to automatically save compromising data by sending a request to your server, using your browser and your identity.

If Foswiki detects a suspicious request that may have been sent from such a page, then you are asked to confirm the request.

The checks performed by Foswiki can sometimes be triggered when you do something perfectly innocent, for instance if you click the Back button after saving a page. Foswiki then uses the approach "better safe than sorry".