From b4e463c89ce7db79643de5048c4e9673680ec9a2 Mon Sep 17 00:00:00 2001
From: Oleg Baturin
Date: Fri, 8 Nov 2024 18:46:26 +0700
Subject: [PATCH] update readme

---
 README.md | 1 +
 src/CsrfHeaderMiddleware.php | 4 ++++
 src/CsrfMiddleware.php | 4 ++++
 src/CsrfTokenMiddleware.php | 4 ++++
 4 files changed, 13 insertions(+)

diff --git a/README.md b/README.md
index 5754021..5c2d8df 100644
--- a/README.md
+++ b/README.md
@@ -274,6 +274,7 @@ return [
 The use of a custom request header for CSRF protection is based on the CORS Protocol. Thus, you **must** configure the CORS module to allow or deny cross-origin access to the backend API.
 >**Warning**
+>
 >`CsrfHeaderMiddleware` can be used to prevent forgery of same-origin requests and requests from the list of specific origins only.
diff --git a/src/CsrfHeaderMiddleware.php b/src/CsrfHeaderMiddleware.php
index 6c7ca11..b820594 100644
--- a/src/CsrfHeaderMiddleware.php
+++ b/src/CsrfHeaderMiddleware.php
@@ -67,6 +67,10 @@ public function withHeaderName(string $name): self
 return $new;
 }
 
+ /**
+ * @param array $methods "unsafe" methods not triggered a CORS-preflight request
+ * @link https://fetch.spec.whatwg.org/#http-cors-protocol
+ */
 public function withUnsafeMethods(array $methods): self
 {
 $new = clone $this;
diff --git a/src/CsrfMiddleware.php b/src/CsrfMiddleware.php
index 79306e6..038a820 100644
--- a/src/CsrfMiddleware.php
+++ b/src/CsrfMiddleware.php
@@ -80,6 +80,10 @@ public function withHeaderName(string $name): self
 return $new;
 }
 
+ /**
+ * @param array $methods "safe" methods skipped on CSRF token validation
+ * @link https://datatracker.ietf.org/doc/html/rfc9110#name-safe-methods
+ */
 public function withSafeMethods(array $methods): self
 {
 $new = clone $this;
diff --git a/src/CsrfTokenMiddleware.php b/src/CsrfTokenMiddleware.php
index 0185ef3..f55d49d 100644
--- a/src/CsrfTokenMiddleware.php
+++ b/src/CsrfTokenMiddleware.php
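Review bot: The new docblock on `withUnsafeMethods` in `src/CsrfHeaderMiddleware.php` types `$methods` as a bare `array`, which tells neither static analysis nor the reader that a list of HTTP method names is expected; `@param string[] $methods` (or `list<string>`) would. The description is also ungrammatical — `"unsafe" methods not triggered a CORS-preflight request` reads better as `"unsafe" methods that do not trigger a CORS preflight request`. The method body continues outside the hunk, so it is not visible whether the names are normalised or validated; the docblock should therefore state that the list replaces the previous one and that any method left out is not checked by this middleware at all, since that is the security-relevant consequence of calling it. The same bare `array` type and wording issue (`"safe" methods skipped on CSRF token validation` → `"safe" methods for which CSRF token validation is skipped`) applies to the `withSafeMethods` docblocks in the `src/CsrfMiddleware.php` and `src/CsrfTokenMiddleware.php` hunks.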
@@ -79,6 +79,10 @@ public function withHeaderName(string $name): self
 return $new;
 }
 
+ /**
+ * @param array $methods "safe" methods skipped on CSRF token validation
+ * @link https://datatracker.ietf.org/doc/html/rfc9110#name-safe-methods
+ */
 public function withSafeMethods(array $methods): self
 {
 $new = clone $this;