Antony Thorpe 6348f2e3e8 Updated Form.php & 04_Form_Security.md ... Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting. In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]." The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)). Why not make this the default behaviour? Is there a scenario where this would cause a problem? Have manually tested in the CMS (alpha7) and is working fine. Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.		2017-06-06 21:10:49 +12:00
..
Field_types	API Remove legacy HTMLEditor classes	2017-05-30 11:01:28 +12:00
How_Tos	DOCS Update docs to reference PageController without an underscore, implement some PSR-2	2017-01-11 09:59:28 +13:00
00_Introduction.md	DOCS Update docs to reference PageController without an underscore, implement some PSR-2	2017-01-11 09:59:28 +13:00
01_Validation.md	API Create SeparatedDateField	2017-02-15 11:07:58 +13:00
03_Form_Templates.md	Updated location of custom field templates	2016-12-16 10:40:01 +13:00
04_Form_Security.md	Updated Form.php & 04_Form_Security.md	2017-06-06 21:10:49 +12:00
05_Form_Transformations.md	Rewrite, tidy and format of Forms documentation	2014-12-17 15:48:58 +13:00
06_Tabbed_Forms.md	Merge branch '3.2' into 3.3	2016-08-22 16:22:02 +01:00
index.md	FIX How to folder on forms	2014-12-17 15:50:06 +13:00