Jump to content

csrfCheck question


CodingJungle
Go to solution Solved by Martin A.,

Recommended Posts

I'm updating one of my apps, and it has a ton of ajax request, and i've done this in the execute method of my controllers:

if( Request::i()->requestMethod() !== 'GET'){
    Session::i()->csrfCheck();
}

as all my POSTs are for state changes and my GETs aren't (so basically any http request that isn't a GET will hit the csrfCheck). 

from my testing, it appears to be effective, or should i be putting the csrfCheck into each method of the controller that needs to check it? 

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...