startup() public method

Validates the CSRF token for POST data. If the request is a GET request, and the cookie value is absent a cookie will be set. Once a cookie is set it will be copied into request->params['_csrfToken'] so that application and framework code can easily access the csrf token. RequestAction requests do not get checked, nor will they set a cookie should it be missing.
public startup ( Cake\Event\Event $event ) : void
$event Cake\Event\Event Event instance.
return void
 /**
  * Test that the configuration options work.
  *
  * @return void
  * @triggers Controller.startup $controller
  */
 public function testConfigurationValidate()
 {
     $_SERVER['REQUEST_METHOD'] = 'POST';
     $controller = $this->getMock('Cake\\Controller\\Controller', ['redirect']);
     $controller->request = new Request(['cookies' => ['csrfToken' => 'nope', 'token' => 'yes'], 'post' => ['_csrfToken' => 'no match', 'token' => 'yes']]);
     $controller->response = new Response();
     $component = new CsrfComponent($this->registry, ['cookieName' => 'token', 'field' => 'token', 'expiry' => 90]);
     $event = new Event('Controller.startup', $controller);
     $result = $component->startup($event);
     $this->assertNull($result, 'Config settings should work.');
 }