From df30b5bf2d137a286151f40f5aa261958ac73527 Mon Sep 17 00:00:00 2001 From: kenjis Date: Sun, 29 Oct 2023 10:10:34 +0900 Subject: [PATCH 1/4] docs: change filter alias We use `auth-rates` or `force-reset` in Shield. --- user_guide_src/source/incoming/filters/004.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/incoming/filters/004.php b/user_guide_src/source/incoming/filters/004.php index 304bd21b53eb..fbaa8358ad60 100644 --- a/user_guide_src/source/incoming/filters/004.php +++ b/user_guide_src/source/incoming/filters/004.php @@ -7,7 +7,7 @@ class Filters extends BaseConfig { public array $aliases = [ - 'apiPrep' => [ + 'api-prep' => [ \App\Filters\Negotiate::class, \App\Filters\ApiAuth::class, ], From 2b9ffe28fbbcbe894d0cfd3d3dfb89cbe2c0f8fb Mon Sep 17 00:00:00 2001 From: kenjis Date: Sun, 29 Oct 2023 10:11:25 +0900 Subject: [PATCH 2/4] docs: fix incorrect filter alias --- user_guide_src/source/incoming/filters/008.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/incoming/filters/008.php b/user_guide_src/source/incoming/filters/008.php index 945e9498b4f9..8d417fd436aa 100644 --- a/user_guide_src/source/incoming/filters/008.php +++ b/user_guide_src/source/incoming/filters/008.php @@ -9,7 +9,7 @@ class Filters extends BaseConfig // ... public array $methods = [ - 'post' => ['InvalidChars', 'csrf'], + 'post' => ['invalidchars', 'csrf'], 'get' => ['csrf'], ]; From 6e85e2c80cd7c72854c57352367c3887944a95f5 Mon Sep 17 00:00:00 2001 From: kenjis Date: Sun, 29 Oct 2023 10:11:49 +0900 Subject: [PATCH 3/4] docs: add empty lines --- user_guide_src/source/incoming/filters.rst | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/user_guide_src/source/incoming/filters.rst b/user_guide_src/source/incoming/filters.rst index 3965dce51b0e..f6fea6551c37 100644 --- a/user_guide_src/source/incoming/filters.rst +++ b/user_guide_src/source/incoming/filters.rst @@ -121,7 +121,9 @@ $globals The second section allows you to define any filters that should be applied to every request made by the framework. You should take care with how many you use here, since it could have performance implications to have too many -run on every request. Filters can be specified by adding their alias to either the before or after array: +run on every request. + +Filters can be specified by adding their alias to either the ``before`` or ``after`` array: .. literalinclude:: filters/005.php @@ -130,14 +132,18 @@ Except for a Few URIs There are times where you want to apply a filter to almost every request, but have a few that should be left alone. One common example is if you need to exclude a few URI's from the CSRF protection filter to allow requests from -third-party websites to hit one or two specific URI's, while keeping the rest of them protected. To do this, add +third-party websites to hit one or two specific URI's, while keeping the rest of them protected. + +To do this, add an array with the ``except`` key and a URI path (relative to BaseURL) to match as the value alongside the alias: .. literalinclude:: filters/006.php Any place you can use a URI path (relative to BaseURL) in the filter settings, you can use a regular expression or, like in this example, use an asterisk (``*``) for a wildcard that will match all characters after that. In this example, any URI path starting with ``api/`` -would be exempted from CSRF protection, but the site's forms would all be protected. If you need to specify multiple +would be exempted from CSRF protection, but the site's forms would all be protected. + +If you need to specify multiple URI paths, you can use an array of URI path patterns: .. literalinclude:: filters/007.php From 97c3f7704cde3d9cc1fa66283683c31017f7d54e Mon Sep 17 00:00:00 2001 From: kenjis Date: Sun, 29 Oct 2023 10:17:42 +0900 Subject: [PATCH 4/4] docs: add "valid" Because controller filters are applied before controller execution. If there is no controller found, the filters are not applied. --- user_guide_src/source/incoming/filters.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user_guide_src/source/incoming/filters.rst b/user_guide_src/source/incoming/filters.rst index f6fea6551c37..29462ccc6538 100644 --- a/user_guide_src/source/incoming/filters.rst +++ b/user_guide_src/source/incoming/filters.rst @@ -119,7 +119,8 @@ You should define as many aliases as you need. $globals ======== -The second section allows you to define any filters that should be applied to every request made by the framework. +The second section allows you to define any filters that should be applied to every valid request made by the framework. + You should take care with how many you use here, since it could have performance implications to have too many run on every request.