From 285262b6c668b4f367f8222880ceb01be39fd3ac Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Thu, 29 Aug 2013 17:55:52 +0200
Subject: Add CSRF protection

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 application/config/config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'application/config')

diff --git a/application/config/config.php b/application/config/config.php
index dda82de97..4aadac68d 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -293,7 +293,7 @@ $config['global_xss_filtering'] = FALSE;
 | 'csrf_cookie_name' = The cookie name
 | 'csrf_expire' = The number in seconds the token should expire.
 */
-$config['csrf_protection'] = FALSE;
+$config['csrf_protection'] = FALSE; // our controller enables this later
 $config['csrf_token_name'] = 'csrf_test_name';
 $config['csrf_cookie_name'] = 'csrf_cookie_name';
 $config['csrf_expire'] = 7200;
-- 
cgit v1.2.3-24-g4f1b