summaryrefslogtreecommitdiffstats
path: root/application/config
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2013-08-29 17:55:52 +0200
committerFlorian Pritz <bluewind@xinu.at>2013-09-02 22:02:27 +0200
commit285262b6c668b4f367f8222880ceb01be39fd3ac (patch)
tree2607d33e77a4ee38970a122eeb5fc4a8f60f9250 /application/config
parent84ce2c6ce0eb1b4f2f32c4ae0d7e08f3571f5018 (diff)
Add CSRF protection
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/config')
-rw-r--r--application/config/config.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/application/config/config.php b/application/config/config.php
index dda82de97..4aadac68d 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -293,7 +293,7 @@ $config['global_xss_filtering'] = FALSE;
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire' = The number in seconds the token should expire.
*/
-$config['csrf_protection'] = FALSE;
+$config['csrf_protection'] = FALSE; // our controller enables this later
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;