Skip to content

verifyGetFor rules

Jump to bottom Edit New page
Joe Bordes edited this page Jul 4, 2017 · 3 revisions

verifyGetFor attribute in config.php specifies set of patterns of urls for which GET requests will also be validated in csrf protector. This attribute is an array of strings, such that each element represent one rule. Rules may look like:

*://*/*
http://*/*
https://*/*
http://myserver.com/test/*
https://myserver.com/user/delete*
*://myserver.com/test/*

Explanation

*://*/*

Verfiy every url for GET request

http://*/* & https://*/*

Verify every GET request sent using http protocol & httpsprotocol respectively

http://myserver.com/test/*

Verify every request sent in http protocol belonging to directory /test/ in the application

https://myserver.com/user/delete*

Verify every request sent in https, belonging to /user/ directory having delete* like filename. For example https://myserver.com/user/delete.php or https://myserver.com/user/delete_user.php?id=12

*://myserver.com/test/*

Verify every request sent in any protocol to /test/ directory files

Important links:

  1. Download Master Version
  2. How to SET UP
  3. How to USE

PS: wiki still under development. Please create a Github issue for any correction.

Clone this wiki locally