diff options
| author | Eric Barnes <eric@ericlbarnes.com> | 2011-01-17 05:35:16 +0100 |
|---|---|---|
| committer | Eric Barnes <eric@ericlbarnes.com> | 2011-01-17 05:35:16 +0100 |
| commit | 9805ecce97dbd3f60891c19f27111f75851bd666 (patch) | |
| tree | 6f511dc59d0aeb163bdfba195fa91d98dd4f70ef /application/config/config.php | |
| parent | 57274bd972cc6f30b44695947dfdaea686ab56e8 (diff) | |
Added access scope to security library and added config options for csrf protection
Diffstat (limited to 'application/config/config.php')
| -rw-r--r-- | application/config/config.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/application/config/config.php b/application/config/config.php index 5c6cc0aec..e22199685 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -286,9 +286,15 @@ $config['global_xss_filtering'] = FALSE; | Enables a CSRF cookie token to be set. When set to TRUE, token will be | checked on a submitted form. If you are accepting user data, it is strongly | recommended CSRF protection be enabled. +| +| 'csrf_token_name' = The token name +| 'csrf_cookie_name' = The cookie name +| 'csrf_expire' = The number in seconds the token should expire. */ -$config['csrf_protection'] = FALSE; - +$config['csrf_protection'] = TRUE; +$config['csrf_token_name'] = 'csrf_test_name'; +$config['csrf_cookie_name'] = 'csrf_cookie_name'; +$config['csrf_expire'] = 7200; /* |-------------------------------------------------------------------------- |