change backand request csrf settings

2015-11-29 11:08:04 +01:00 · 2015-11-29 11:08:04 +01:00 · 17a339badf
commit 17a339badf
parent ed80f8720d
2 changed files with 13 additions and 2 deletions
--- a/backend/config/main.php
+++ b/backend/config/main.php
@ -14,17 +14,28 @@ return [
    'bootstrap' => ['log'],
    'modules' => [],
    'components' => [
+    		'request' => [
+    				'csrfParam' => '_backendCSRF',
+    				'csrfCookie' => [
+    						'httpOnly' => true,
+    						'path' => '/backend/web',
+    				],
+    		],
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
        	'identityCookie' => [
        			'name' => '_backendUser', // unique for backend
-       				'path'=>'/backend/web'  // correct path for the backend app.
+       				'path'=>'/backend/web',  // correct path for the backend app.
+        			'httpOnly' => true,
       		]
        ],
    	'session' => [
    			'name' => '_backendSessionId', // unique for backend
   				'savePath' => __DIR__ . '/../runtime', // a temporary folder on backend
+    			'cookieParams' => [
+    					'path' => '/backend/web',
+    			],
   		],
        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
--- a/common/config/params.php
+++ b/common/config/params.php
@ -3,5 +3,5 @@ return [
    'adminEmail' => 'rocho02@gmail.com',
    'supportEmail' => 'rocho02@gmail.com',
    'user.passwordResetTokenExpire' => 3600,
-	'version' => 'v0.0.4'
+	'version' => 'v0.0.5'
 ];