[!!!][FEATURE] Skip automatic persistence and CSRF protection for "safe" requests
This change set introduces an important behavior for Flow applications:
HTTP request methods which are, by definition, considered to be "safe"
(that is, "read-only") are now treated as such.
In practice it means that GET requests will not trigger a persistAll() call
anymore and CSRF protection for actions is not checked anymore if
the request is a GET request.
Please adjust your applications to cleanly observe this principle since
more optimizations in this direction are planned for later versions of
This patch contains the corresponding documentation.
Releases: 2.0, master