tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-10 13:29:58 +02:00
Code Issues Projects Releases Wiki Activity

SecurityToken docs

Browse Source
This commit is contained in:
Ingo Schommer 2013-09-05 12:53:54 +02:00
parent daa0b3cb79
commit 9872a52a8d
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/en/topics/security.md
View File

@ -323,7 +323,11 @@ match the hash stored in the users session, the request is discarded.
You can disable this behaviour through `[api:Form->disableSecurityToken()]`.
It is also recommended to limit form submissions to the intended HTTP verb (mostly `GET` or `POST`)
through `[api:Form->setStrictFormMethodCheck()]`.
through `[api:Form->setStrictFormMethodCheck()]`.
Sometimes you need to handle state-changing HTTP submissions which aren't handled through
SilverStripe's form system. In this case, you can also check the current HTTP request
for a valid token through `[api:SecurityToken::checkRequest()]`.
## Casting user input