From aeb2c3e532e78be9ac78ba6fd4a305b7be31d2ab Mon Sep 17 00:00:00 2001
From: Alex Bilbie <alex.bilbie@gmail.com>
Date: Sun, 21 Aug 2011 16:14:54 +0100
Subject: Added new config parameter "csrf_exclude_uris" which allows for URIs
 to be whitelisted from CSRF verification. Fixes #149

---
 application/config/config.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'application')

diff --git a/application/config/config.php b/application/config/config.php
index 1ec65435e..b64b11669 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -292,11 +292,13 @@ $config['global_xss_filtering'] = FALSE;
 | 'csrf_token_name' = The token name
 | 'csrf_cookie_name' = The cookie name
 | 'csrf_expire' = The number in seconds the token should expire.
+| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
 */
 $config['csrf_protection'] = FALSE;
 $config['csrf_token_name'] = 'csrf_test_name';
 $config['csrf_cookie_name'] = 'csrf_cookie_name';
 $config['csrf_expire'] = 7200;
+$config['csrf_exclude_uris'] = array();
 
 /*
 |--------------------------------------------------------------------------
-- 
cgit v1.2.3-24-g4f1b