summaryrefslogtreecommitdiffstats
path: root/application/config/config.php
diff options
context:
space:
mode:
authorEric Barnes <eric@ericlbarnes.com>2011-01-17 05:35:16 +0100
committerEric Barnes <eric@ericlbarnes.com>2011-01-17 05:35:16 +0100
commit9805ecce97dbd3f60891c19f27111f75851bd666 (patch)
tree6f511dc59d0aeb163bdfba195fa91d98dd4f70ef /application/config/config.php
parent57274bd972cc6f30b44695947dfdaea686ab56e8 (diff)
Added access scope to security library and added config options for csrf protection
Diffstat (limited to 'application/config/config.php')
-rw-r--r--application/config/config.php10
1 files changed, 8 insertions, 2 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 5c6cc0aec..e22199685 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -286,9 +286,15 @@ $config['global_xss_filtering'] = FALSE;
| Enables a CSRF cookie token to be set. When set to TRUE, token will be
| checked on a submitted form. If you are accepting user data, it is strongly
| recommended CSRF protection be enabled.
+|
+| 'csrf_token_name' = The token name
+| 'csrf_cookie_name' = The cookie name
+| 'csrf_expire' = The number in seconds the token should expire.
*/
-$config['csrf_protection'] = FALSE;
-
+$config['csrf_protection'] = TRUE;
+$config['csrf_token_name'] = 'csrf_test_name';
+$config['csrf_cookie_name'] = 'csrf_cookie_name';
+$config['csrf_expire'] = 7200;
/*
|--------------------------------------------------------------------------