changelog: slightly more help about enabling CSRF protection when upg…

…rading
lonnieezell · Oct 2, 2012 · a85b42b · a85b42b · lonnieezell · Oct 2, 2012
1 parent f427666
commit a85b42b
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/docs/_guides/basic_info/changelog.txt b/docs/_guides/basic_info/changelog.txt
@@ -9,16 +9,20 @@ Regression fixes for:
 
 Upgrade Notes:
 
-Version 0.6 prevents CSRF attacks using a standard CodeIgniter option.  This should protect against clicking a malicious link (e.g. in an email or forum post), which attempts to perform actions on Bonfire.  E.g. deleting modules or changing user access rights.
+Version 0.6 prevented CSRF attacks using a standard CodeIgniter option.  This should protect against clicking a malicious link (e.g. in an email or forum post), which attempts to perform actions on Bonfire.  E.g. deleting modules or changing user access rights.
 
-This means all AJAX POST requests need to include the CSRF token.  In many cases the simplest option will be what we used for issue #596.  Upgrade to Bonfire 0.6.1 and then change two lines:
+When upgrading to Bonfire 0.6.1, you should make sure to update config.php in the application/config folder.  This is necessary in order to enable and configure CSRF protection.
+
+As a result, any AJAX POST request you have will need to include the CSRF token.  If you don't already know how to do this, Bonfire 0.6.1 includes a simple solution.  You just need two extra lines.
+
+In the controller for the page which launches the AJAX request:
 
-In the controller, you need:
     Assets::add_js('codeigniter-csrf.js')
 
-In the AJAX request, you add an extra data field:
+In the AJAX request, an extra data field:
+
     // assuming your data is not passed as a string
-    $.ajax({ ... data:
+    $.ajax({ ..., type: "POST", data:
                    { ... 'ci_csrf_token' : ci_csrf_token() } } );
     // or
     $.post(url,