Closed keevitaja closed 11 years ago
That doesn't really help much, as this config key does autoload, not autovalidate.
@WanWizard An auto-validate option would be a great addition.
That would cause an exception where you won't be able to catch it (other then perhaps in your index.php), I'm not sure that is desirable.
Auto validation has been fixed in 1.6/develop, and will now throw a SecurityException if the token is missing or doesn't validate. You'll have to catch this in your index.php if you want to handle it gracefully.
Note that this requires that ALL your POST requests contain the token, both form and json posts!
Continue here: https://github.com/fuelphp/fieldset/issues/6
At the moment csrf_autoload in main config.php seemes to be useless, beacause you have to add the csrf token to view manually.