diff --git a/lib/Cake/Controller/Component/SecurityComponent.php b/lib/Cake/Controller/Component/SecurityComponent.php index 308f27c73..9b3134e47 100644 --- a/lib/Cake/Controller/Component/SecurityComponent.php +++ b/lib/Cake/Controller/Component/SecurityComponent.php @@ -227,7 +227,7 @@ class SecurityComponent extends Component { public function startup(Controller $controller) { $this->request = $controller->request; $this->_action = $controller->request->params['action']; - $hasData = ($controller->request->data || $controller->request->is(array('put', 'post', 'delete', 'patch'))); + $hasData = ($controller->request->data || !$controller->request->is(['head', 'get', 'options'])); try { $this->_methodsRequired($controller); $this->_secureRequired($controller); diff --git a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php index 0fba140b2..e49e65c0a 100644 --- a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php +++ b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php @@ -162,6 +162,7 @@ class SecurityComponentTest extends CakeTestCase { */ public function setUp() : void { parent::setUp(); + $_SERVER['REQUEST_METHOD'] = 'GET'; $request = $this->getMock('CakeRequest', array('here'), array('posts/index', false)); $request->addParams(array('controller' => 'posts', 'action' => 'index')); @@ -321,7 +322,7 @@ public function testRequireSecureFail() { * @return void */ public function testRequireSecureSucceed() { - $_SERVER['REQUEST_METHOD'] = 'Secure'; + $_SERVER['REQUEST_METHOD'] = 'GET'; $this->Controller->request['action'] = 'posted'; $_SERVER['HTTPS'] = 'on'; $this->Controller->Security->requireSecure('posted');