@@ -6,7 +6,7 @@ Controller Filters
66 :local:
77 :depth: 2
88
9- Controller Filters allow you to perform actions either before or after the controllers execute. Unlike :doc: `events </extending/events >`,
9+ Controller Filters allow you to perform actions either before or after the controllers execute. Unlike :doc: `events <.. /extending/events
1010you can choose the specific URIs in which the filters will be applied to. Incoming filters may
1111modify the Request while after filters can act on and even modify the Response, allowing for a lot of flexibility
1212and power. Some common examples of tasks that might be performed with filters are:
@@ -60,7 +60,7 @@ This is typically used to perform redirects, like in this example:
6060.. literalinclude :: filters/002.php
6161
6262If a ``Response `` instance is returned, the Response will be sent back to the client and script execution will stop.
63- This can be useful for implementing rate limiting for APIs. See :doc: `Throttler </libraries/throttler >` for an
63+ This can be useful for implementing rate limiting for APIs. See :doc: `Throttler <.. /libraries/throttler
6464example.
6565
6666.. _after-filters :
@@ -114,15 +114,18 @@ run on every request. Filters can be specified by adding their alias to either t
114114
115115.. literalinclude :: filters/005.php
116116
117+ Except for a Few URIs
118+ ---------------------
119+
117120There are times where you want to apply a filter to almost every request, but have a few that should be left alone.
118121One common example is if you need to exclude a few URI's from the CSRF protection filter to allow requests from
119122third-party websites to hit one or two specific URI's, while keeping the rest of them protected. To do this, add
120- an array with the ' except' key and a URI to match as the value alongside the alias:
123+ an array with the `` except `` key and a URI to match as the value alongside the alias:
121124
122125.. literalinclude :: filters/006.php
123126
124127Any place you can use a URI in the filter settings, you can use a regular expression or, like in this example, use
125- an asterisk for a wildcard that will match all characters after that. In this example, any URL's starting with ``api/ ``
128+ an asterisk (`` * ``) for a wildcard that will match all characters after that. In this example, any URL's starting with ``api/ ``
126129would be exempted from CSRF protection, but the site's forms would all be protected. If you need to specify multiple
127130URI's you can use an array of URI patterns:
128131
@@ -131,29 +134,31 @@ URI's you can use an array of URI patterns:
131134$methods
132135========
133136
137+ .. Warning :: If you use ``$methods`` filters, you should :ref:`disable Auto Routing (Legacy) <use-defined-routes-only>`
138+ because :ref: `auto-routing-legacy ` permits any HTTP method to access a controller.
139+ Accessing the controller with a method you don't expect could bypass the filter.
140+
134141You can apply filters to all requests of a certain HTTP method, like POST, GET, PUT, etc. In this array, you would
135- specify the method name in lowercase. It's value would be an array of filters to run. Unlike the ``$globals `` or the
136- ``$filters `` properties, these will only run as before filters:
142+ specify the method name in **lowercase **. It's value would be an array of filters to run:
137143
138144.. literalinclude :: filters/008.php
139145
140- In addition to the standard HTTP methods, this also supports one special case: 'cli'. The 'cli' method would apply to
141- all requests that were run from the command line .
146+ .. note :: Unlike the ``$globals`` or the
147+ `` $filters `` properties, these will only run as before filters .
142148
143- .. Warning :: If you use ``$methods`` filters, you should :ref:`disable Auto Routing (Legacy) <use-defined-routes-only>`
144- because :ref: `auto-routing-legacy ` permits any HTTP method to access a controller.
145- Accessing the controller with a method you don't expect could bypass the filter.
149+ In addition to the standard HTTP methods, this also supports one special case: ``cli ``. The ``cli `` method would apply to
150+ all requests that were run from the command line.
146151
147152$filters
148153========
149154
150- This property is an array of filter aliases. For each alias, you can specify before and after arrays that contain
155+ This property is an array of filter aliases. For each alias, you can specify `` before `` and `` after `` arrays that contain
151156a list of URI patterns that filter should apply to:
152157
153158.. literalinclude :: filters/009.php
154159
155- Filter arguments
156- =================
160+ Filter Arguments
161+ ================
157162
158163When configuring filters, additional arguments may be passed to a filter when setting up the route:
159164
@@ -165,7 +170,7 @@ In this example, the array ``['dual', 'noreturn']`` will be passed in ``$argumen
165170Confirming Filters
166171******************
167172
168- CodeIgniter has the following :doc: `command </cli/spark_commands >` to check the filters for a route.
173+ CodeIgniter has the following :doc: `command <.. /cli/spark_commands
169174
170175.. _spark-filter-check :
171176
0 commit comments