Adding CSRF into config

Adding CSRF token into form open()
author: Derek Allard <derek.allard@ellislab.com> 2010-07-22 20:10:26 +0200
committer: Derek Allard <derek.allard@ellislab.com> 2010-07-22 20:10:26 +0200
commit: 958543a38c2c97b0ec4c10fc9faf4f0753143880 (patch)
tree: 3fe57f162c835afc278b537fd2e5932828c55e6c /application/config
parent: 924000e27e10eb32cff6b7666a9d41546fd5f2bd (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/application/config/config.php b/application/config/config.php
index bd1429a46..6e52bcc17 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -267,6 +267,17 @@ $config['global_xss_filtering'] = FALSE;
 
 /*
 |--------------------------------------------------------------------------
+| Cross Site Forgery Request
+|--------------------------------------------------------------------------
+| Enables a CSFR cookie token to be set. When set to TRUE, token will be
+| checked on a submitted form. If you are accepting user data, it is strongly
+| recommended CSRF protection be enabled.
+*/
+$config['csrf_protection'] = FALSE;
+
+
+/*
+|--------------------------------------------------------------------------
 | Output Compression
 |--------------------------------------------------------------------------
 |
author	Derek Allard <derek.allard@ellislab.com>	2010-07-22 20:10:26 +0200
committer	Derek Allard <derek.allard@ellislab.com>	2010-07-22 20:10:26 +0200
commit	958543a38c2c97b0ec4c10fc9faf4f0753143880 (patch)
tree	3fe57f162c835afc278b537fd2e5932828c55e6c /application/config
parent	924000e27e10eb32cff6b7666a9d41546fd5f2bd (diff)