Only allow to set the DELETE method via HTTP method overriding

This hardens security
Jan Böhmer 2026-02-07 17:18:31 +01:00
parent b144f5e383
commit 81dde6fa68


@ -1,3 +1,4 @@
# yaml-language-server: $schema=../../vendor/symfony/dependency-injection/Loader/schema/services.schema.json
# see https://symfony.com/doc/current/reference/configuration/framework.html
framework:
secret: '%env(APP_SECRET)%'
@ -8,6 +9,7 @@ framework:
# Must be set to true, to enable the change of HTTP method via _method parameter, otherwise our delete routines does not work anymore
# TODO: Rework delete routines to work without _method parameter as it is not recommended anymore (see https://github.com/symfony/symfony/issues/45278)
http_method_override: true
allowed_http_method_override: ['DELETE']
# Allow users to configure trusted hosts via .env variables
# see https://symfony.com/doc/current/reference/configuration/framework.html#trusted-hosts
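Review bot: The added `allowed_http_method_override: ['DELETE']` line carries no comment of its own, and the comment above it still only explains why overriding is switched on, so the reason for the allow-list lives only in the commit message. I would put `# Restrict _method overriding to DELETE, the only verb our delete routines need` directly above the new line. The key is only recognised by recent FrameworkBundle releases (7.4, as far as I know), so it is worth confirming that the composer constraint rules out older versions, which would reject the unknown option when the container is built. The delete routes stay reachable through a plain POST, so their CSRF token checks remain the actual guard; that code is not visible in this section.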