Update README.md

README.md

@@ -40,7 +40,11 @@ Sometimes there are too many click at second from the same browser,with CSRFProt
 CSRFProtector want to be full unintrusive.
 
 #### Ajax
-Coming soon
+Ajax is a special case: infact the protection is easy to enable on URLs inside the html page generated by the server.  
+In this case the protection is pretty same to standard links.
+On the other hand, sometimes you need to make request to dinamically generated URLs (by javascript).  
+This time CSRFProtector use a "global token" that can authorize any URL pointing your server and ,to improve security, it's regenerated each ajax call.  
+Because using "global token" is a bit less secure than standard way, CSRFProtector let you choose the mode on the constructor:
 
 ---
 
@@ -53,7 +57,6 @@ Not only: it also add a flag in session with the end time of script execution an
 
 To do:
 
-* Enable ajax
 * Enable javascript redirect
 
 ---
@@ -65,8 +68,7 @@ At the begin of your main script, add this code
 ```php
 
 require ("libs/CSRFProtector-master/CSRFProtector.php");
-$jsPath = "CSRFProtector"; // path where is native.history.js
-$csrf = new CSRFProtector($jsPath);
+$csrf = new CSRFProtector();
 $csrf->run();
 
 ```
@@ -75,13 +77,59 @@ That is all! Anyway it's more powerfull than what might seem.
 
 #### Advanced configurations
 
-The construct can take three optional arguments:
+The construct can take an optional associative array as argument with these keys:
+
+
+```php 
+  "jsPath"
+``` 
+[string] A path where is located csrf.protector.js (browser will search for {yourpath}/csrf.protector.js)
+
+---
+
+```php
+  "errorFunction"
+``` 
+[[callable]](http://php.net/manual/en/language.types.callable.php) function that will be called when CSRF attack are discovered (standard action is to end the script and display "CSFR protection")
+
+---
+
+```php
+  "tokenFunction"
+``` 
+[[callable]](http://php.net/manual/en/language.types.callable.php) function that generate the token(by default is a composition of 3 randomic value)
+
+---
+
+```php
+  "maxTime"
+``` 
+[int] The maximum life time of tokens in seconds(default is 120 seconds)
+
+---
+
+```php
+  "minSecondBeforeNextClick"
+```
+[int] The minimum time requested between the current script end time and the next request(default is 1 second) 
+
+---
+
+```php
+  "debug"
+``` 
+[boolean] Activate the firephp debug sistem
+
+---
+
+```php
+  "globalToken"
+```
+[boolean] use the global token for ajax
+
+---
 
-1. A string path where is located native.history.js (browser will search for {yourpath}/native.history.js)
-2. A [callable](http://php.net/manual/en/language.types.callable.php) function that will be called when CSRF attack are discovered (standard action is to end the script and display "CSFR protection")
-3. A [callable](http://php.net/manual/en/language.types.callable.php) function that generate the token(by default is a composition of 3 randomic value)
-4. The maximum life time of tokens in seconds(default is 120 seconds)
-5. The minimum time requested between the current script end time and the next request(default is 1 second) 
+#### Advanced configurations example
 
 ```php
 
@@ -97,7 +145,13 @@ $time = 30; //in seconds
 $min = 0; // in seconds
 $jsPath = "CSRFProtector"; // path where is native.history.js
 
-$csrf = new CSRFProtector($jsPath,$error,$token,$time,$min);
+$csrf = new CSRFProtector(array( //order doesn't matter
+    'jsPath' => $jsPath,
+    'errorFunction' => $error,
+    'tokenFunction' => $token,
+    'maxTime' => $time,
+    'debug'=>true,
+    'minSecondBeforeNextClick' => $min));
 $csrf->run();
 
 ```
@@ -108,8 +162,7 @@ It's also possible to manually protect GET and POST data using fews function:
 ```php
 
 $auto = false;
-$jsPath = "CSRFProtector";
-$csrf = new CSRFProtector($jsPath);
+$csrf = new CSRFProtector();
 $csrf->run($auto);
 
 <html>