adamwathan / form

Super basic form HTML builder, only really exists so I can pull it in for some other more useful projects.
MIT License
232 stars, 117 forks

Avoid passing "_token" value through query string #61

Closed. irineujunior closed this 8 years ago

irineujunior commented 8 years ago

This patch prevents URLs like http://blog.local/admin/posts/?_token=FGeYWnYVdmy7HEBret1OprY3IAYCzdNi3ESlINCG&status=active&name=test

adamwathan commented 8 years ago

Nice, was hesitant at first but obviously CSRF is not relevant for GET requests so why would we ever send this token? Thanks man!

adamwathan commented 8 years ago

Can you add a test similar to this one that shows GET forms don't include the token?

https://github.com/adamwathan/form/blob/master/tests/FormBuilderTest.php#L376-L382
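The behaviour this PR settles on (no hidden `_token` field in GET forms, since a GET form's fields land in the query string and from there in server logs, browser history and Referer headers, while CSRF protection only matters for state-changing requests) and the kind of test requested above, as an added illustration. This is not the adamwathan/form library's code: the helper names `openForm`, `csrfHiddenField` and `tokenPolicyHolds`, and the token value, are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example, not adamwathan/form code. Function names and the token
// value below are assumptions for illustration only.

/**
 * Methods that change server state and therefore need a CSRF token.
 * GET is safe by HTTP semantics, and a hidden _token in a GET form would
 * be serialised into the URL on submit, so no token is emitted for it.
 */
const STATE_CHANGING_METHODS = ['POST', 'PUT', 'PATCH', 'DELETE'];

function csrfHiddenField(string $token): string
{
    return '<input type="hidden" name="_token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

function openForm(string $action, string $method, string $token): string
{
    $method = strtoupper($method);

    // Browsers only submit GET and POST; other verbs are spoofed with a
    // hidden _method field and sent as POST, as Laravel-style builders do.
    $formMethod = $method === 'GET' ? 'GET' : 'POST';

    $html = sprintf(
        '<form method="%s" action="%s">',
        $formMethod,
        htmlspecialchars($action, ENT_QUOTES, 'UTF-8')
    );

    if ($method !== $formMethod) {
        $html .= '<input type="hidden" name="_method" value="' . $method . '">';
    }

    // The point of the fix: only state-changing methods carry the token.
    if (in_array($method, STATE_CHANGING_METHODS, true)) {
        $html .= csrfHiddenField($token);
    }

    return $html;
}

/**
 * The check the maintainer asked for, in miniature: a GET form must not
 * contain _token, and every state-changing form must.
 */
function tokenPolicyHolds(string $token): bool
{
    if (strpos(openForm('/admin/posts', 'GET', $token), '_token') !== false) {
        return false;
    }
    foreach (STATE_CHANGING_METHODS as $method) {
        if (strpos(openForm('/admin/posts/1', $method, $token), '_token') === false) {
            return false;
        }
    }
    return true;
}

// Constructed token value, not a real session token.
$token = 'EXAMPLE_TOKEN_VALUE';

// A filter form: GET, so nothing secret ends up in the query string.
echo openForm('/admin/posts', 'GET', $token), "\n";
// A state-changing form: the token is present alongside the spoofed method.
echo openForm('/admin/posts/1', 'DELETE', $token), "\n";

echo tokenPolicyHolds($token) ? "token policy holds\n" : "token policy violated\n";
```

Run with `php example.php`. The `tokenPolicyHolds` check is the shape a PHPUnit test of the real builder would take: render a GET form and assert the token field is absent, then render a POST form and assert it is present.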

irineujunior commented 8 years ago

Ok.. I'm not good with tests but I'll try. =)

adamwathan commented 8 years ago

It should be a pretty simple one, so good place to practice! :) If you have any issues let me know, happy to help.

irineujunior commented 8 years ago

Now sounds good.

adamwathan commented 8 years ago

Looks great, thanks again!