diff options
| author | Alex Bilbie <alex.bilbie@gmail.com> | 2011-08-21 17:14:54 +0200 |
|---|---|---|
| committer | Alex Bilbie <alex.bilbie@gmail.com> | 2011-08-21 17:14:54 +0200 |
| commit | aeb2c3e532e78be9ac78ba6fd4a305b7be31d2ab (patch) | |
| tree | 91050bc3c6fb7cbcd26c96cc577e60571dedd1a1 /application/config/config.php | |
| parent | a1a8ef711ec179a183a32f6cf4502ddc48782a84 (diff) | |
Added new config parameter "csrf_exclude_uris" which allows for URIs to be whitelisted from CSRF verification. Fixes #149
Diffstat (limited to 'application/config/config.php')
| -rw-r--r-- | application/config/config.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/application/config/config.php b/application/config/config.php index 1ec65435e..b64b11669 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -292,11 +292,13 @@ $config['global_xss_filtering'] = FALSE; | 'csrf_token_name' = The token name | 'csrf_cookie_name' = The cookie name | 'csrf_expire' = The number in seconds the token should expire. +| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks */ $config['csrf_protection'] = FALSE; $config['csrf_token_name'] = 'csrf_test_name'; $config['csrf_cookie_name'] = 'csrf_cookie_name'; $config['csrf_expire'] = 7200; +$config['csrf_exclude_uris'] = array(); /* |-------------------------------------------------------------------------- |