php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-15 06:40:59 +08:00
Code Issues Packages Projects Releases Wiki Activity
18,087 Commits 9 Branches 79 Tags
Commit Graph

24 Commits

Author SHA1 Message Date
paresh27
96a0372ec1 Update security-best-practices.md (#16036) [skip ci] 2018-04-04 16:14:42 +03:00
Angel Guevara
519753d868 Added missing parts of disabling CSRF validation doc [skip ci] (#13966) 2017-04-12 01:55:13 +03:00
Alexey Rogachev
9445e5508b Fixes #10675: Added docs for disabling CSRF validation in standalone actions 2017-04-11 02:05:36 +03:00
Carsten Brandt
5727699445 Aadded OWASP references to security guide (#13667) [skip ci] 
Currently security guide is very thrifty with information on what a topic is about. So for beginners it is not clear why something like CSRF or XSS protection is even needed.

I added a few reference links to allow reading about more background behind the topics.
 2017-02-27 11:31:04 +03:00
Robert Korulczyk
35998449eb Add yii\filters\HostControl::$fallbackHostInfo (#13117) 2016-12-03 08:25:39 +02:00
Klimov Paul
7da77c3d5a created HostControl filter to prevent Host header attacks 
fixes #13050
close #13063
 2016-12-01 00:59:26 +01:00
Carsten Brandt
a498dedb5c Added documentation about Host header attack (#13073) 
* Added documentation about Host header attack

Added info about Host header attack (#13050) to the guide and the Request class.
When we introduce a filter or property to protect against this, these
sections should be updated to link to that option.
 2016-11-26 21:57:52 +01:00
Alexey Rogachev
f4e54a1b5a Fixed typo in get parameter in docs [skip ci] (#13066) 2016-11-24 11:52:44 +03:00
SilverFire - Dmitry Naumenko
685f16e8ef 📖 Updated guide pages - wrap true, false, null 2016-09-20 10:49:15 +03:00
Dmitriy Makarov
383de6f051 📖 Fix typo [skip ci] 2016-08-25 08:23:11 +03:00
Alexander Makarov
63cac32fbc Cleaned up security guide 2016-05-01 00:19:55 +03:00
Alexander Makarov
9a842d25e5 Better docs wording as suggested in 752d537998f71a568a035a3ac69e69f2c4a8f22b 2016-04-30 19:18:59 +03:00
Alexander Makarov
752d537998 Fixes #11367: mentioned securing connection with TLS in security best practices 2016-04-30 17:35:55 +03:00
Dmitry Naumenko
9f1a0aed3d Text style fixes 2015-05-12 11:36:25 +03:00
Dmitry Naumenko
65048c87ed Updated guide/security-best-practices 
A little bit more information about the CSRF
 2015-05-12 11:05:34 +03:00
Nobuo Kihara
82036a9841 docs/guide/security-best-practices.md - small fix [ci skip] 2015-02-21 17:31:47 +09:00
Alexander Makarov
c8e56d178b Added intro to CSRF to security-best-practices 2015-02-19 22:44:57 +03:00
alejandrochen
f8971c7644 Update security-best-practices.md 
proerly -> properly
 2015-02-11 15:57:01 -03:00
Nobuo Kihara
5549149433 docs/guide/security-best-practices.md - minor fix [ci skip] 2014-12-23 08:26:21 +09:00
Alexander Makarov
37ec930feb Added note on how to deal with filtering column names 2014-12-17 16:32:10 +03:00
Alexander Makarov
874c6331d2 A plan on security guide CSRF section 2014-12-14 23:51:14 +03:00
pana1990
0f0d9020b3 fix mistake small [skip ci] 2014-12-14 18:01:41 +01:00
Alexander Makarov
996856c04c Security best practices guide 2014-12-14 18:34:20 +03:00
Carsten Brandt
d68d8628fa created stub documentation files for TDB sections 
to avoid issues about 404 links in the guide
 2014-10-18 18:58:59 +02:00