You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: user_guide_src/source/incoming/filters.rst
+8-1Lines changed: 8 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -91,6 +91,13 @@ Configuring Filters
91
91
Once you've created your filters, you need to configure when they get run. This is done in **app/Config/Filters.php**.
92
92
This file contains four properties that allow you to configure exactly when the filters run.
93
93
94
+
.. Note:: The safest way to apply filters is to :ref:`disable auto-routing <use-defined-routes-only>`, and :ref:`set filters to routes <applying-filters>`.
95
+
96
+
.. Warning:: It is recommended that you should always add ``*`` at the end of a URI in the filter settings.
97
+
Because a controller method might be accessible by different URLs than you think.
98
+
For example, when auto-routing is enabled, if you have ``Blog::index``,
99
+
it can be accessible with ``blog``, ``blog/index``, and ``blog/index/1``, etc.
100
+
94
101
$aliases
95
102
========
96
103
@@ -133,7 +140,7 @@ run on every request. Filters can be specified by adding their alias to either t
133
140
There are times where you want to apply a filter to almost every request, but have a few that should be left alone.
134
141
One common example is if you need to exclude a few URI's from the CSRF protection filter to allow requests from
135
142
third-party websites to hit one or two specific URI's, while keeping the rest of them protected. To do this, add
136
-
an array with the 'except' key and a uri to match as the value alongside the alias::
143
+
an array with the 'except' key and a URI to match as the value alongside the alias::
0 commit comments