summaryrefslogtreecommitdiffstats
path: root/application/config/config.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-01-08 04:19:53 +0100
committerAndrey Andreev <narf@bofh.bg>2012-01-08 04:19:53 +0100
commitbf70d6245046d743573c604aeda3280870e19e41 (patch)
tree63e5dd015b2121bc547ed2ecadbb80dfda3cfb3d /application/config/config.php
parentbb488dc3d4bbac9ac9a1860f066069e4bb4afdcb (diff)
parent352d60e9f3a65def29e02a4507ef742eac255333 (diff)
Merge remote-tracking branch 'upstream/develop' into develop-core-security
Diffstat (limited to 'application/config/config.php')
-rw-r--r--application/config/config.php2
1 files changed, 2 insertions, 0 deletions
diff --git a/application/config/config.php b/application/config/config.php
index bb35324c3..17b854b29 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -326,12 +326,14 @@ $config['global_xss_filtering'] = FALSE;
| 'csrf_token_name' = The token name
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire' = The number in seconds the token should expire.
+| 'csrf_regenerate' = Regenerate token on every submission
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
*/
$config['csrf_protection'] = FALSE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
+$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();
/*