Merge pull request #5230 from kenjis/fix-docs-csrf

kenjis · web-flow · commit 20604475b807 · 2021-10-25T11:16:46.000+09:00
Fix user guide on CSRF
diff --git a/user_guide_src/source/concepts/security.rst b/user_guide_src/source/concepts/security.rst
@@ -57,7 +57,7 @@ CodeIgniter provisions
 ----------------------
 
 - `Session <../libraries/sessions.html>`_ library
-- `HTTP library <../incoming/incomingrequest.html>`_ provides for CSRF validation
+- :doc:`Security </libraries/security>` library provides for CSRF validation
 - Easy to add third party authentication
 
 *****************************
@@ -162,7 +162,7 @@ CodeIgniter provisions
 ----------------------
 
 - Public folder, with application and system outside
-- `HTTP library <../incoming/incomingrequest.html>`_ provides for CSRF validation
+- :doc:`Security </libraries/security>` library provides for CSRF validation
 
 ************************************
 A8 Cross Site Request Forgery (CSRF)
@@ -181,7 +181,7 @@ OWASP recommendations
 CodeIgniter provisions
 ----------------------
 
-- `HTTP library <../incoming/incomingrequest.html>`_ provides for CSRF validation
+- :doc:`Security </libraries/security>` library provides for CSRF validation
 
 **********************************************
 A9 Using Components with Known Vulnerabilities
diff --git a/user_guide_src/source/general/configuration.rst b/user_guide_src/source/general/configuration.rst
@@ -165,8 +165,7 @@ the configuration class properties are left unchanged. In this usage, the prefix
 the full (case-sensitive) namespace of the class.
 ::
 
-    Config\App.CSRFProtection = true
-    Config\App.CSRFCookieName = csrf_cookie
+    Config\App.forceGlobalSecureRequests = true
     Config\App.CSPEnabled = true
 
 
@@ -177,17 +176,15 @@ the configuration class name. If the short prefix matches the class name,
 the value from **.env** replaces the configuration file value.
 ::
 
-    app.CSRFProtection = true
-    app.CSRFCookieName = csrf_cookie
+    app.forceGlobalSecureRequests = true
     app.CSPEnabled = true
 
 .. note:: When using the *short prefix* the property names must still exactly match the class defined name.
 
 Some environments do not permit variable name with dots. In such case, you could also use ``_`` as a seperator.
 ::
 
-    app_CSRFProtection = true
-    app_CSRFCookieName = csrf_cookie
+    app_forceGlobalSecureRequests = true
     app_CSPEnabled = true
 
 Environment Variables as Replacements for Data
diff --git a/user_guide_src/source/libraries/throttler.rst b/user_guide_src/source/libraries/throttler.rst
@@ -117,7 +117,7 @@ filter::
 Next, we assign it to all POST requests made on the site::
 
     public $methods = [
-        'post' => ['throttle', 'CSRF'],
+        'post' => ['throttle', 'csrf'],
     ];
 
 And that's all there is to it. Now all POST requests made on the site will have to be rate limited.
