Skip to content

Document CSRF middleware. #4976

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 19, 2017
Merged

Document CSRF middleware. #4976

merged 3 commits into from
May 19, 2017

Conversation

@markstory
Copy link
Member

@markstory markstory commented May 18, 2017

@markstory markstory added this to the 3.x milestone May 18, 2017
ravage84
ravage84 reviewed May 18, 2017
View reviewed changes
Copy link
Member

@ravage84 ravage84 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

en/controllers/middleware.rst Outdated
endpoints.

.. versionadded:: 3.5.0
The ``CsrfProtectionMiddleware`` was added in 3.5.0
Copy link
Member

@ravage84 ravage84 May 18, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this note be under "Cross Site Request Forgery (CSRF) Middleware"?

Copy link
Member Author

@markstory markstory May 19, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it should.

@markstory markstory merged commit 5931ee4 into 3.next May 19, 2017
@markstory markstory deleted the more-middleware branch May 19, 2017 01:54
inoas
inoas reviewed May 19, 2017
View reviewed changes
en/controllers/middleware.rst
----------------------------------

In addition to request data parameters, CSRF tokens can be submitted through
a special ``X-CSRF-Token`` header. Using a header often makes it easier to
Copy link
Contributor

@inoas inoas May 19, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Point to docs how to do it?
Is it enabled by default?
Should it?

Copy link
Member Author

@markstory markstory May 19, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting headers is part of whatever client library you happen to be using.

HavokInspiration added a commit that referenced this pull request Jul 6, 2017
@HavokInspiration
[fr] Follows #4976
7379d34
@HavokInspiration HavokInspiration mentioned this pull request Jul 6, 2017
Merged
@ryoichi-u ryoichi-u mentioned this pull request Aug 1, 2017
Merged
6 tasks
ryoichi-u added a commit to ryoichi-u/docs that referenced this pull request Aug 3, 2017
@ryoichi-u
[ja] cakephp#4976 copy from en to ja
e79ad45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ravage84 ravage84 ravage84 left review comments

+1 more reviewer

@inoas inoas inoas left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Added Functionality

Projects

None yet

Milestone

3.x

Development

Successfully merging this pull request may close these issues.

5 participants

@markstory @ravage84 @inoas @HavokInspiration