
Document using SF route names starting with a _ disables the token need

Open matks opened this issue 6 years ago • 1 comments

https://github.com/PrestaShop/PrestaShop/blob/develop/src/PrestaShopBundle/EventListener/TokenizedUrlsListener.php#L86

This behavior needs to be in the doc.

matks, Jun 05 '19 13:06

Actually, I've not documented this intentionally.

I don't think we should do it; people will only remember that "prefixing routes with an underscore is easy" and so on, and this will create a lot of modules with security issues.

TLDR; as a good practice we should never document something that could create security issues. If people don't want tokens in URLs, there is an easier way to do that: https://devdocs.prestashop.com/1.7/scale/benchmark/back-office/#disable-the-token

But in this case, the developers can't say they weren't aware of the security issue :)

mickaelandrieu, Jul 09 '19 16:07
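For reviewers auditing modules for the behaviour discussed in this issue, a check like the following flags route names that start with an underscore. It is an added example, not part of the thread or of PrestaShop's code; the function names are hypothetical, and it assumes routes live in block-style `routes.yml` / `routes.yaml` files where each top-level key is a route name.

```python
import re
from pathlib import Path

# A top-level YAML key in a Symfony routing file is a route (or import) name.
TOP_KEY = re.compile(r"""^['"]?([^\s'"#:]+)['"]?\s*:""")

def underscore_routes(yaml_text):
    """Return [(line_no, name)] for routes whose name starts with '_'."""
    # Line-based (stdlib only); entries with a `resource:` child are imports, not routes.
    entries = []                      # [line_no, name, is_import]
    for no, line in enumerate(yaml_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":          # child line of the current entry
            if entries and line.strip().startswith("resource:"):
                entries[-1][2] = True
            continue
        m = TOP_KEY.match(line)
        if m:
            entries.append([no, m.group(1), False])
    return [(no, name) for no, name, is_import in entries
            if name.startswith("_") and not is_import]

def scan(root):
    """Map each routes.yml / routes.yaml under `root` to its flagged routes."""
    report = {}
    for path in sorted(Path(root).rglob("routes.y*ml")):
        hits = underscore_routes(path.read_text(encoding="utf-8"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample input, not taken from any real module.
SAMPLE = """\
admin_demo_list:
  path: /demo/list
  defaults:
    _controller: 'Demo\\Controller\\DemoController::listAction'
_admin_demo_export:
  path: /demo/export
  defaults:
    _controller: 'Demo\\Controller\\DemoController::exportAction'
_demo_imports:
  resource: "more_routes.yml"
"""

if __name__ == "__main__":
    for no, name in underscore_routes(SAMPLE):
        print(f"line {no}: route '{name}' starts with '_', review its token handling")
```

Routes pulled in through an import are not followed by this check, so imported files need to be scanned as well.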