public function onKernalResponse(\Event $event)
{
$response = $event->getResponse();
if ($response instanceof \Response || $response instanceof \RedirectResponse || $response instanceof \JsonResponse) {
$response->send();
}
\EventDispatcher::dispatch(KernalEvent::HTTPFINISH, new HttpEvent($event->getRequest(), $response));
}
public function onKernalRequest(\Event $event)
{
$request = $event->getRequest();
if (strtoupper($request->getMethod()) == "POST" && \Config::get("session::csrf_check")) {
if (!$request->request->get('csrf_token')) {
throw new \Exception("缺少csrf_token参数!", 1);
}
$csrfProvider = new CsrfSessionService();
if (!$csrfProvider->isCsrfTokenValid($request->request->get('csrf_token'))) {
throw new \Exception("csrf_token参数验证失败!", 1);
}
}
}
