In the config file, if the value of csrf_autoload_methods, csrf_bad_request_on_fail set are the same as default like this link https://fuelphp.com/docs/classes/security.html, do we need to add them?
You can check ./fuel/core/config, those config files contain the defaults which will be merged with our apps config files. So if you don't specify them, the value from the core config file will be used.
Donate
