silverstripe-framework/docs/en/02_Developer_Guides/03_Forms
Antony Thorpe 6348f2e3e8 Updated Form.php & 04_Form_Security.md
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
..
Field_types API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
How_Tos DOCS Update docs to reference PageController without an underscore, implement some PSR-2 2017-01-11 09:59:28 +13:00
00_Introduction.md DOCS Update docs to reference PageController without an underscore, implement some PSR-2 2017-01-11 09:59:28 +13:00
01_Validation.md API Create SeparatedDateField 2017-02-15 11:07:58 +13:00
03_Form_Templates.md Updated location of custom field templates 2016-12-16 10:40:01 +13:00
04_Form_Security.md Updated Form.php & 04_Form_Security.md 2017-06-06 21:10:49 +12:00
05_Form_Transformations.md Rewrite, tidy and format of Forms documentation 2014-12-17 15:48:58 +13:00
06_Tabbed_Forms.md Merge branch '3.2' into 3.3 2016-08-22 16:22:02 +01:00
index.md FIX How to folder on forms 2014-12-17 15:50:06 +13:00