malhuda/CodeIgniter4
1
0
Fork 0
mirror of https://github.com/codeigniter4/CodeIgniter4.git synced 2025-02-20 11:44:28 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: environment-specific Config\Security::$redirect

Browse Source
This commit is contained in:
kenjis 2024-03-29 10:34:43 +09:00
parent 9820c313fe
commit 00896cf231
No known key found for this signature in database
GPG Key ID: BD254878922AF198
4 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Config/Security.php
View File

@ -79,8 +79,10 @@ class Security extends BaseConfig
* --------------------------------------------------------------------------
*
* Redirect to previous page with error on failure.
*
* @see https://codeigniter4.github.io/userguide/libraries/security.html#redirection-on-failure
*/
public bool $redirect = false;
public bool $redirect = (ENVIRONMENT === 'production');
/**
* --------------------------------------------------------------------------

3
user_guide_src/source/changelogs/v4.5.0.rst
View File

@ -196,6 +196,9 @@ Others
if the HTTP method is different.
- **Bootstrap:** The ``CodeIgniter\Boot`` class has been introduced, replacing
**system/bootstrap.php**.
- **Security:** ``Config\Security::$redirect`` is now, by default, environment-specific.
For production environment, changed to ``true`` but is still ``false`` for other
environments.
********
BREAKING

3
user_guide_src/source/installation/upgrade_450.rst
View File

@ -327,6 +327,9 @@ Others
- app/Config/Kint.php
- It no longer extends ``BaseConfig`` because enabling
:ref:`factories-config-caching` could cause errors.
- app/Config/Security.php
- The property ``$redirect`` has been changed to ``true`` in ``production``
environment.
All Changes
===========

12
user_guide_src/source/libraries/security.rst
View File

@ -130,15 +130,17 @@ may alter this behavior by editing the following config parameter value in
Redirection on Failure
----------------------
Since v4.3.0, when a request fails the CSRF validation check,
it will throw a SecurityException by default,
Starting with v4.5.0, when a request fails the CSRF validation check, by default,
the user is redirected to the previous page in production environment, or a
SecurityException is thrown in other environments.
.. note:: In production environment, when you use HTML forms, it is recommended
to enable this redirection for a better user experience.
If you want to make it redirect to the previous page,
change the following config parameter value in
**app/Config/Security.php**:
Upgrade users should check their configuration files.
If you want to make it redirect to the previous page, set the following config
parameter value to ``true`` in **app/Config/Security.php**:
.. literalinclude:: security/005.php