diff --git a/framework/yii/web/AccessControl.php b/framework/yii/web/AccessControl.php index 35d6cae..7f791b8 100644 --- a/framework/yii/web/AccessControl.php +++ b/framework/yii/web/AccessControl.php @@ -31,15 +31,17 @@ use yii\base\ActionFilter; * 'class' => \yii\web\AccessControl::className(), * 'only' => array('create', 'update'), * 'rules' => array( + * // deny all POST requests + * array( + * 'allow' => false, + * 'verbs' => array('POST') + * ), * // allow authenticated users * array( * 'allow' => true, * 'roles' => array('@'), * ), - * // deny all - * array( - * 'allow' => false, - * ), + * // everything else is denied * ), * ), * );