6b1750d35f 
					 
					
						
						
							
							Add note about updating cacert.pem  
						
						
						
						
					 
					
						2021-03-03 15:48:49 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						daafa44d57 
					 
					
						
						
							
							Add "Configuring SSL peer validation" to security best practices guide  
						
						
						
						
					 
					
						2021-03-03 03:21:50 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4a9c82f9ab 
					 
					
						
						
							
							Fix typos in documentation, update Japanese translation (#17551) [skip ci]
						
						
						
						
					 
					
						2019-09-09 17:06:25 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1ed6ec1e5c 
					 
					
						
						
							
							Fixes #17353: Added sameSite support for yii\web\Cookie and yii\web\Session::cookieParams
						
						
						
						
					 
					
						2019-06-11 00:33:36 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						31d3850a13 
					 
					
						
						
							
							Fix typos in docs (#17084) [skip ci]
						
						
						
						
					 
					
						2019-01-30 01:06:13 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bbdb3ee722 
					 
					
						
						
							
							update CSRF docs  
						
						
						
						
					 
					
						2018-10-05 11:14:04 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						96a0372ec1 
					 
					
						
						
							
							Update security-best-practices.md (#16036) [skip ci]
						
						
						
						
					 
					
						2018-04-04 16:14:42 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						519753d868 
					 
					
						
						
							
							Added missing parts of disabling CSRF validation doc [skip ci] (#13966)
						
						
						
						
					 
					
						2017-04-12 01:55:13 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9445e5508b 
					 
					
						
						
							
							Fixes #10675: Added docs for disabling CSRF validation in standalone actions
						
						
						
						
					 
					
						2017-04-11 02:05:36 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5727699445 
					 
					
						
						
							
							Added OWASP references to security guide (#13667) [skip ci]
						
						
						
						
						Currently security guide is very thrifty with information on what a topic is about. So for beginners it is not clear why something like CSRF or XSS protection is even needed.
I added a few reference links to allow reading about more background behind the topics. 
						
						
					 
					
						2017-02-27 11:31:04 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						35998449eb 
					 
					
						
						
							
							Add yii\filters\HostControl::$fallbackHostInfo (#13117)
						
						
						
						
					 
					
						2016-12-03 08:25:39 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7da77c3d5a 
					 
					
						
						
							
							created HostControl filter to prevent Host header attacks  
						
						
						
						
						fixes #13050
						close #13063
					
						2016-12-01 00:59:26 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a498dedb5c 
					 
					
						
						
							
							Added documentation about Host header attack (#13073)
						
						
						
						
						* Added documentation about Host header attack
Added info about Host header attack (#13050) to the guide and the Request class.
When we introduce a filter or property to protect against this, these
sections should be updated to link to that option. 
						
						
					 
					
						2016-11-26 21:57:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f4e54a1b5a 
					 
					
						
						
							
							Fixed typo in get parameter in docs [skip ci] (#13066)
						
						
						
						
					 
					
						2016-11-24 11:52:44 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						685f16e8ef 
					 
					
						
						
							
							📖  Updated guide pages - wrap true, false, null  
						
						
						
						
					 
					
						2016-09-20 10:49:15 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						383de6f051 
					 
					
						
						
							
							📖  Fix typo [skip ci]  
						
						
						
						
					 
					
						2016-08-25 08:23:11 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						63cac32fbc 
					 
					
						
						
							
							Cleaned up security guide  
						
						
						
						
					 
					
						2016-05-01 00:19:55 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9a842d25e5 
					 
					
						
						
							
							Better docs wording as suggested in 752d537998f71a568a035a3ac69e69f2c4a8f22b  
						
						
						
						
					 
					
						2016-04-30 19:18:59 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						752d537998 
					 
					
						
						
							
							Fixes #11367: mentioned securing connection with TLS in security best practices
						
						
						
						
					 
					
						2016-04-30 17:35:55 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9f1a0aed3d 
					 
					
						
						
							
							Text style fixes  
						
						
						
						
					 
					
						2015-05-12 11:36:25 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						65048c87ed 
					 
					
						
						
							
							Updated guide/security-best-practices  
						
						
						
						
						A little bit more information about the CSRF 
						
						
					 
					
						2015-05-12 11:05:34 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						82036a9841 
					 
					
						
						
							
							docs/guide/security-best-practices.md - small fix [ci skip]  
						
						
						
						
					 
					
						2015-02-21 17:31:47 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c8e56d178b 
					 
					
						
						
							
							Added intro to CSRF to security-best-practices  
						
						
						
						
					 
					
						2015-02-19 22:44:57 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f8971c7644 
					 
					
						
						
							
							Update security-best-practices.md  
						
						
						
						
						proerly -> properly 
						
						
					 
					
						2015-02-11 15:57:01 -03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5549149433 
					 
					
						
						
							
							docs/guide/security-best-practices.md - minor fix [ci skip]  
						
						
						
						
					 
					
						2014-12-23 08:26:21 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						37ec930feb 
					 
					
						
						
							
							Added note on how to deal with filtering column names  
						
						
						
						
					 
					
						2014-12-17 16:32:10 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						874c6331d2 
					 
					
						
						
							
							A plan on security guide CSRF section  
						
						
						
						
					 
					
						2014-12-14 23:51:14 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0f0d9020b3 
					 
					
						
						
							
							fix  mistake small  [skip ci]  
						
						
						
						
					 
					
						2014-12-14 18:01:41 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						996856c04c 
					 
					
						
						
							
							Security best practices guide  
						
						
						
						
					 
					
						2014-12-14 18:34:20 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d68d8628fa 
					 
					
						
						
							
							created stub documentation files for TDB sections  
						
						
						
						
						to avoid issues about 404 links in the guide 
						
						
					 
					
						2014-10-18 18:58:59 +02:00