From 79ec2699677ae685d414396725702207e59fc8b4 Mon Sep 17 00:00:00 2001 From: kenjis Date: Tue, 7 Nov 2023 13:54:04 +0900 Subject: [PATCH] docs: add warning on redirect() --- user_guide_src/source/libraries/security.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index a901e74c80a0..d1cdb52194c8 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -112,6 +112,10 @@ may alter this behavior by editing the following config parameter value in .. literalinclude:: security/004.php +.. warning:: If you use Cookie based CSRF protection, and :php:func:`redirect()` + after the submission, you must call ``withCookie()`` to send the regenerated + CSRF cookie. See :ref:`response-redirect` for details. + .. note:: Since v4.2.3, you can regenerate CSRF token manually with the ``Security::generateHash()`` method.
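Review bot: In the added ``.. warning::`` block after ``.. literalinclude:: security/004.php``, the condition "and :php:func:`redirect()` after the submission" has no verb, and the warning never states what goes wrong when the call is omitted. Suggest wording along the lines of "If you use cookie-based CSRF protection and call :php:func:`redirect()` after the submission, you must call ``withCookie()`` on the redirect response; otherwise the regenerated CSRF cookie is not sent". The warning follows the paragraph about the token regeneration config parameter, so it would also help to say whether it applies only while regeneration is enabled. Finally, please check the ``withCookie()`` literal against the section that :ref:`response-redirect` points to, so the method name in this warning matches the one documented there exactly.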