From 17a339badfa82048dad038e448bd888372d25264 Mon Sep 17 00:00:00 2001
From: Roland Schneider
Date: Sun, 29 Nov 2015 11:08:04 +0100
Subject: [PATCH] change backand request csrf settings
---
 backend/config/main.php | 13 ++++++++++++-
 common/config/params.php | 2 +-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/backend/config/main.php b/backend/config/main.php
index fbb4bd2..70d7514 100644
--- a/backend/config/main.php
+++ b/backend/config/main.php
@@ -14,17 +14,28 @@ return [
 'bootstrap' => ['log'],
 'modules' => [],
 'components' => [
+ 'request' => [
+ 'csrfParam' => '_backendCSRF',
+ 'csrfCookie' => [
+ 'httpOnly' => true,
+ 'path' => '/backend/web',
+ ],
+ ],
 'user' => [
 'identityClass' => 'common\models\User',
 'enableAutoLogin' => true,
 'identityCookie' => [
 'name' => '_backendUser', // unique for backend
- 'path'=>'/backend/web' // correct path for the backend app.
+ 'path'=>'/backend/web', // correct path for the backend app.
+ 'httpOnly' => true,
 ]
 ],
 'session' => [
 'name' => '_backendSessionId', // unique for backend
 'savePath' => __DIR__ . '/../runtime', // a temporary folder on backend
+ 'cookieParams' => [
+ 'path' => '/backend/web',
+ ],
 ],
 'log' => [
 'traceLevel' => YII_DEBUG ? 3 : 0,
diff --git a/common/config/params.php b/common/config/params.php
index f8d2974..359c9f8 100644
--- a/common/config/params.php
+++ b/common/config/params.php
@@ -3,5 +3,5 @@ return [
 'adminEmail' => 'rocho02@gmail.com',
 'supportEmail' => 'rocho02@gmail.com',
 'user.passwordResetTokenExpire' => 3600,
- 'version' => 'v0.0.4'
+ 'version' => 'v0.0.5'
 ];
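Review bot: The new `cookieParams` under `session` sets only `path`, and as far as I recall Yii's session component replaces its built-in default (`httponly => true`) with the configured array rather than merging it, so the session cookie would fall back to the php.ini `session.cookie_httponly` setting; this is worth confirming against the framework version in use. The other two cookies in this hunk state `httpOnly` explicitly, and I would do the same here: `'cookieParams' => ['path' => '/backend/web', 'httpOnly' => true],`. None of the three cookies (`csrfCookie`, `identityCookie`, session) sets `secure`; if the backend is served only over HTTPS, add `'secure' => true` to each so they are never sent over plain HTTP. The `components` array begins and ends outside this hunk.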