« Previous | Next » 

Revision f3d285c3


Added by Robert Lemke over 8 years ago

[!!!][FEATURE] Skip automatic persistence and CSRF protection for "safe" requests

This change set introduces an important behavior for Flow applications:
HTTP request methods which are, by definition, considered to be "safe"
(that is, "read-only") are now treated as such.

In practice it means that GET requests will not trigger a persistAll() call
anymore and CSRF protection for actions is not checked anymore if
the request is a GET request.

Please adjust your applications to cleanly observe this principle since
more optimizations in this direction are planned for later versions of
TYPO3 Flow.

This patch contains the corresponding documentation.

Resolves: #47252
Releases: 2.0, master
Change-Id: I9d667aa451a7510cf12ab13be745fed1f7ca477e

  • added
  • modified
  • copied
  • renamed
  • deleted