function Request::enableHttpMethodParameterOverride
Enables support for the _method request parameter to determine the intended HTTP method.
Be warned that enabling this feature might lead to CSRF issues in your code. Check that you are using CSRF tokens when required. If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered and used to send a "PUT" or "DELETE" request via the _method request parameter. If these methods are not protected against CSRF, this presents a possible vulnerability.
The HTTP method can only be overridden when the real HTTP method is POST.
File
-
vendor/
symfony/ http-foundation/ Request.php, line 632
Class
- Request
- Request represents an HTTP request.
Namespace
Symfony\Component\HttpFoundationCode
public static function enableHttpMethodParameterOverride() : void {
self::$httpMethodParameterOverride = true;
}