diff --git a/classes/security.html b/classes/security.html index 6c4324ea8..34cf04e68 100644 --- a/classes/security.html +++ b/classes/security.html @@ -171,6 +171,14 @@

Configuration

When csrf_autoload is true, the CSRF token will be validated for all http methods in this array. + + csrf_auto_token + boolean +
false
+ + When true, Form::open() adds CSRF token hidden field automatically. + +

Note that if you enable "csrf_autoload", ALL your HTTP requests of the specified type MUST contain a CSRF token, or the validation will fail and a SecurityException will be thrown.