rmrevin / yii2-comments

Yii 2 comments extension
MIT License
52 stars 19 forks

Delete link should be sent by post? #7

Closed Patroklo closed 8 years ago

Patroklo commented 8 years ago

At least it should be interesting to add more security there, because it's very simple to make a fake link and make people click it to start deleting their own posts without knowing. Yii2 usually adds a post link to prevent this kind of behavior (for example the logout link).

rmrevin commented 8 years ago

In this case, you must check the CSRF token. It is the task of the client code, not this extension.
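What checking the token in client code can look like in a Yii 2 application, as an added example that is not part of the thread or of yii2-comments: Yii 2 skips CSRF validation for GET requests, so the delete action has to be restricted to POST before the token check applies to it. `CommentController`, the `app\models\Comment` model and its `created_by` column are hypothetical names.

```php
<?php
// Added example: hypothetical client-side controller, not code from yii2-comments.
namespace app\controllers;

use app\models\Comment; // hypothetical ActiveRecord model with a created_by column
use Yii;
use yii\filters\VerbFilter;
use yii\web\Controller;
use yii\web\ForbiddenHttpException;
use yii\web\NotFoundHttpException;

class CommentController extends Controller
{
    // True by default; stated here because the POST-only rule below relies on it.
    public $enableCsrfValidation = true;

    public function behaviors()
    {
        return [
            'verbs' => [
                'class' => VerbFilter::class,
                // A GET to comment/delete is answered with 405, so a plain
                // link or <img src> pointing at it no longer deletes anything.
                'actions' => ['delete' => ['post']],
            ],
        ];
    }

    public function actionDelete($id)
    {
        // By this point the request is a POST whose CSRF token was validated
        // in Controller::beforeAction().
        $comment = Comment::findOne((int) $id);
        if ($comment === null) {
            throw new NotFoundHttpException('Comment not found.');
        }
        if ((int) $comment->created_by !== (int) Yii::$app->user->id) {
            throw new ForbiddenHttpException('Not your comment.');
        }
        $comment->delete();
        return $this->goHome();
    }
}

// In the view (requires yii\helpers\Html, YiiAsset and Html::csrfMetaTags() in the layout):
// echo Html::a('Delete', ['comment/delete', 'id' => $comment->id],
//     ['data' => ['method' => 'post', 'confirm' => 'Delete this comment?']]);
```

With `data-method="post"`, yii.js submits a hidden form carrying the CSRF token from the page's meta tags, which is the same pattern the default Yii 2 logout link uses.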