From 958543a38c2c97b0ec4c10fc9faf4f0753143880 Mon Sep 17 00:00:00 2001
From: Derek Allard <derek.allard@ellislab.com>
Date: Thu, 22 Jul 2010 14:10:26 -0400
Subject: Adding CSRF into config Adding CSRF token into form open()

---
 application/config/config.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'application/config/config.php')

diff --git a/application/config/config.php b/application/config/config.php
index bd1429a46..6e52bcc17 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -265,6 +265,17 @@ $config['cookie_path']		= "/";
 */
 $config['global_xss_filtering'] = FALSE;
 
+/*
+|--------------------------------------------------------------------------
+| Cross Site Forgery Request
+|--------------------------------------------------------------------------
+| Enables a CSFR cookie token to be set. When set to TRUE, token will be
+| checked on a submitted form. If you are accepting user data, it is strongly
+| recommended CSRF protection be enabled.
+*/
+$config['csrf_protection'] = FALSE;
+
+
 /*
 |--------------------------------------------------------------------------
 | Output Compression
-- 
cgit v1.2.3-24-g4f1b