Closed irineujunior closed 8 years ago
Nice, was hesitant at first but obviously CSRF is not relevant for GET requests so why would we ever send this token? Thanks man!
Can you add a test similar to this one that shows GET forms don't include the token?
https://github.com/adamwathan/form/blob/master/tests/FormBuilderTest.php#L376-L382
Ok.. I'm not good with tests but I'll try. =)
It should be a pretty simple one, so good place to practice! :) If you have any issues let me know, happy to help.
Now sounds good.
Looks great, thanks again!
This patch prevent urls like http://blog.local/admin/posts/?_token=FGeYWnYVdmy7HEBret1OprY3IAYCzdNi3ESlINCG&status=active&name=test