public static function Request::enableHttpMethodParameterOverride in Zircon Profile 8
Same name and namespace in other branches
- 8.0 vendor/symfony/http-foundation/Request.php \Symfony\Component\HttpFoundation\Request::enableHttpMethodParameterOverride()
Enables support for the _method request parameter to determine the intended HTTP method.
Be warned that enabling this feature might lead to CSRF issues in your code. Check that you are using CSRF tokens when required. If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered and used to send a "PUT" or "DELETE" request via the _method request parameter. If these methods are not protected against CSRF, this presents a possible vulnerability.
The HTTP method can only be overridden when the real HTTP method is POST.
2 calls to Request::enableHttpMethodParameterOverride()
- RequestTest::testCreateFromGlobals in vendor/
symfony/ http-foundation/ Tests/ RequestTest.php - @dataProvider provideOverloadedMethods
- RequestTest::testGetSetMethod in vendor/
symfony/ http-foundation/ Tests/ RequestTest.php - @covers Symfony\Component\HttpFoundation\Request::setMethod @covers Symfony\Component\HttpFoundation\Request::getMethod
File
- vendor/
symfony/ http-foundation/ Request.php, line 687
Class
- Request
- Request represents an HTTP request.
Namespace
Symfony\Component\HttpFoundationCode
public static function enableHttpMethodParameterOverride() {
self::$httpMethodParameterOverride = true;
}