mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-30 13:19:11 +02:00
6348f2e3e8
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting. In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]." The same advice is noted in [Form Security]( |
||
---|---|---|
.. | ||
en | ||
_manifest_exclude | ||
LICENSE |