You are here

public static function Request::enableHttpMethodParameterOverride in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 vendor/symfony/http-foundation/Request.php \Symfony\Component\HttpFoundation\Request::enableHttpMethodParameterOverride()

Enables support for the _method request parameter to determine the intended HTTP method.

Be warned that enabling this feature might lead to CSRF issues in your code. Check that you are using CSRF tokens when required. If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered and used to send a "PUT" or "DELETE" request via the _method request parameter. If these methods are not protected against CSRF, this presents a possible vulnerability.

The HTTP method can only be overridden when the real HTTP method is POST.

2 calls to Request::enableHttpMethodParameterOverride()
RequestTest::testCreateFromGlobals in vendor/symfony/http-foundation/Tests/RequestTest.php
@dataProvider provideOverloadedMethods
RequestTest::testGetSetMethod in vendor/symfony/http-foundation/Tests/RequestTest.php
@covers Symfony\Component\HttpFoundation\Request::setMethod @covers Symfony\Component\HttpFoundation\Request::getMethod

File

vendor/symfony/http-foundation/Request.php, line 687

Class

Request
Request represents an HTTP request.

Namespace

Symfony\Component\HttpFoundation

Code

public static function enableHttpMethodParameterOverride() {
  self::$httpMethodParameterOverride = true;
}