From 7c15e2f96faf8e79ba8d0e020efaf2036e15ed8d Mon Sep 17 00:00:00 2001
From: Bastian Allgeier <mail@bastianallgeier.com>
Date: Wed, 25 May 2022 14:33:11 +0200
Subject: [PATCH] One more addition to the docs

---
 README.md | 44 +++++++++++++++++++++++++++++++-------------
 1 file changed, 31 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index ae71307..57625c2 100755
--- a/README.md
+++ b/README.md
@@ -676,7 +676,7 @@ const response = await axios.post(api, {
 }, { auth });
 ```
 
-### Allowed methods
+### Allowing methods
 
 KQL is very strict with allowed methods by default. Custom page methods, file methods or model methods are not allowed to make sure you don't miss an important security issue by accident. You can allow additional methods though.
 
@@ -730,6 +730,24 @@ Kirby::plugin('your-name/your-plugin', [
 ]);
 ```
 
+### Blocking methods
+
+You can block individual class methods that would normally be accessible by listing them in your config:
+
+```php
+<?php
+
+return [
+  'kql' => [
+    'methods' => [
+      'blocked' => [
+        'Kirby\Cms\Page::url'
+      ]
+    ]
+  ]
+];
+```
+
 ### Blocking classes
 
 Sometimes you might want to reduce access to various parts of the system. This can be done by blocking individual methods (see above) or by blocking entire classes.
@@ -773,18 +791,18 @@ You can put the class for such a custom interceptor in a plugin for example.
 
 class SystemInterceptor extends Kirby\Kql\Interceptors\Interceptor
 {
-	public const CLASS_ALIAS = 'system';
-
-	protected $toArray = [
-		'isInstallable',
-	];
-
-	public function allowedMethods(): array
-	{
-		return [
-			'isInstallable',
-		];
-	}
+  public const CLASS_ALIAS = 'system';
+
+  protected $toArray = [
+    'isInstallable',
+  ];
+
+  public function allowedMethods(): array
+  {
+    return [
+      'isInstallable',
+    ];
+  }
 }
 ```