« Previous | Next » 

Revision e9d2336c

IDe9d2336c740f8478a60aa0092fe536c068280222

Added by Robert Lemke about 8 years ago

[!!!][FEATURE] Skip automatic persistence and CSRF protection for "safe" requests

This change set introduces an important behavior for Flow applications:
HTTP request methods which are, by definition, considered to be "safe"
(that is, "read-only") are now treated as such.

In practice it means that GET requests will not trigger a persistAll() call
anymore and CSRF protection for actions is not checked anymore if
the request is a GET request.

Please adjust your applications to cleanly observe this principle since
more optimizations in this direction are planned for later versions of
TYPO3 Flow.

This patch contains the corresponding documentation.

Resolves: #47252
Releases: 2.0, master
Change-Id: I9d667aa451a7510cf12ab13be745fed1f7ca477e

  • added
  • modified
  • copied
  • renamed
  • deleted