[eluser]drakeonfire[/eluser]
Hello,
After lots of frustration, I thought I had found the solution. This solution was meant to be:
Code:
$config['csrf_exclude_uris'] = array('uri_here');
But no ... that doesn't seem to work anymore, in fact, it's not even in the documentation for 2.1! It was in 2.0.3...
So my question is, how can I use AJAX, with CSRF still enabled, without doing a 'white-list' of IPs (as it could be anyone using the AJAX)?
Thanks
