Symfony\Component\HttpFoundation\Request::enableHttpMethodParameterOverride PHP Method

Request Class Documentation Usage Examples Of Symfony\Component\HttpFoundation\Request::enableHttpMethodParameterOverride Show file Open project: symfony/symfony

enableHttpMethodParameterOverride() public static method

Be warned that enabling this feature might lead to CSRF issues in your code. Check that you are using CSRF tokens when required. If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered and used to send a "PUT" or "DELETE" request via the _method request parameter. If these methods are not protected against CSRF, this presents a possible vulnerability. The HTTP method can only be overridden when the real HTTP method is POST.

public static enableHttpMethodParameterOverride ( )

    public static function enableHttpMethodParameterOverride()
    {
        self::$httpMethodParameterOverride = true;
    }

Usage Example

Example #1

Show file

File: FrameworkBundle.php Project: nfabre/symfony

 public function boot()
 {
     if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) {
         Request::setTrustedProxies($trustedProxies);
     }
     if ($this->container->getParameter('kernel.http_method_override')) {
         Request::enableHttpMethodParameterOverride();
     }
 }

All Usage Examples Of Symfony\Component\HttpFoundation\Request::enableHttpMethodParameterOverride

Request

__clone

__construct

__toString

create

createFromGlobals

createRequestFromFactory

duplicate

enableHttpMethodParameterOverride

get

getAcceptableContentTypes