From 0683d88f9d668b8156f8c8b89cc585831f738d62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire=20Pineau?= Date: Thu, 11 Jan 2024 15:18:52 +0100 Subject: [PATCH] [Symfony][Router] Set the default method for a route to "GET" * I always sspecify the method(s) in my route declaration and it's boring * Allowing by default all methods does not make sens * Allowing by default all methods can be a security issue, because someone can DDOS the application by sending POST request, to a resource that is usually cached (but only for GET) * explicit is better than implicit --- symfony/routing/6.2/config/routes.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/symfony/routing/6.2/config/routes.yaml b/symfony/routing/6.2/config/routes.yaml index 41ef8140b..b12005be6 100644 --- a/symfony/routing/6.2/config/routes.yaml +++ b/symfony/routing/6.2/config/routes.yaml @@ -3,3 +3,4 @@ controllers: path: ../src/Controller/ namespace: App\Controller type: attribute + methods: [GET]