Skip to content

Commit

Permalink
One more addition to the docs
Browse files Browse the repository at this point in the history
  • Loading branch information
bastianallgeier committed May 25, 2022
1 parent 5d80596 commit 7c15e2f
Showing 1 changed file with 31 additions and 13 deletions.
44 changes: 31 additions & 13 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -676,7 +676,7 @@ const response = await axios.post(api, {
}, { auth });
```
### Allowed methods
### Allowing methods
KQL is very strict with allowed methods by default. Custom page methods, file methods or model methods are not allowed to make sure you don't miss an important security issue by accident. You can allow additional methods though.
Expand Down Expand Up @@ -730,6 +730,24 @@ Kirby::plugin('your-name/your-plugin', [
]);
```
### Blocking methods
You can block individual class methods that would normally be accessible by listing them in your config:
```php
<?php
return [
'kql' => [
'methods' => [
'blocked' => [
'Kirby\Cms\Page::url'
]
]
]
];
```
### Blocking classes
Sometimes you might want to reduce access to various parts of the system. This can be done by blocking individual methods (see above) or by blocking entire classes.
Expand Down Expand Up @@ -773,18 +791,18 @@ You can put the class for such a custom interceptor in a plugin for example.
class SystemInterceptor extends Kirby\Kql\Interceptors\Interceptor
{
public const CLASS_ALIAS = 'system';
protected $toArray = [
'isInstallable',
];
public function allowedMethods(): array
{
return [
'isInstallable',
];
}
public const CLASS_ALIAS = 'system';
protected $toArray = [
'isInstallable',
];
public function allowedMethods(): array
{
return [
'isInstallable',
];
}
}
```
Expand Down

0 comments on commit 7c15e2f

Please sign in to comment.