verifyGetFor rules

verifyGetFor attribute in config.php specifies set of patterns of urls for which GET requests will also be validated in csrf protector. This attribute is an array of strings, such that each element represent one rule. Rules may look like:

*://*/*
http://*/*
https://*/*
http://myserver.com/test/*
https://myserver.com/user/delete*
*://myserver.com/test/*

Explanation

*://*/*

Verfiy every url for GET request

http://*/* & https://*/*

Verify every GET request sent using http protocol & httpsprotocol respectively

http://myserver.com/test/*

Verify every request sent in http protocol belonging to directory /test/ in the application

https://myserver.com/user/delete*

Verify every request sent in https, belonging to /user/ directory having delete* like filename. For example https://myserver.com/user/delete.php or https://myserver.com/user/delete_user.php?id=12

*://myserver.com/test/*

Verify every request sent in any protocol to /test/ directory files

Important links:

PS: wiki still under development. Please create a Github issue for any correction.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

verifyGetFor rules

Explanation

Important links:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally