Merge pull request #7407 from kenjis/docs-add-note-for-csrf-redirect

kenjis · web-flow · commit 748d603c93c2 · 2023-04-06T09:29:13.000+09:00
docs: add note for CSRF redirect
diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst
@@ -121,6 +121,9 @@ Redirection on Failure
 Since v4.3.0, when a request fails the CSRF validation check,
 it will throw a SecurityException by default,
 
+.. note:: In production environment, when you use HTML forms, it is recommended
+    to enable this redirection for a better user experience.
+
 If you want to make it redirect to the previous page,
 change the following config parameter value in
 **app/Config/Security.php**:
