/**
  * Sets a cookie on the response containing the CSRF token.
  *
  * @param FilterResponseEvent $event
  */
 public function onKernelResponse(FilterResponseEvent $event)
 {
     // Only the master request is handled; sub-requests leave the response untouched.
     if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
         return;
     }

     // Requests that do not match the configured routes never receive the token cookie.
     $isCoveredRoute = $this->routeMatcher->match($event->getRequest(), $this->routes);
     if (!$isCoveredRoute) {
         return;
     }

     $responseHeaders = $event->getResponse()->headers;

     // Security note: the final constructor argument (httpOnly in Symfony's Cookie)
     // is false, so the token is readable from script -- presumably so that the
     // client-side framework can copy it into the request header. The same property
     // makes the token readable by any script injected into the page, so this
     // scheme relies on the application being free of XSS. Whether the cookie is
     // restricted to HTTPS depends entirely on the configured $this->cookieSecure.
     $csrfCookie = new Cookie(
         $this->cookieName,
         $this->angularCsrfTokenManager->getToken()->getValue(),
         $this->cookieExpire,
         $this->cookiePath,
         $this->cookieDomain,
         $this->cookieSecure,
         false
     );

     $responseHeaders->setCookie($csrfCookie);
 }
 /**
  * Spec set-up: stubs the collaborators and declares how the subject is built.
  *
  * The token manager double hands out a token double whose value is
  * self::TOKEN_VALUE. The route matcher double accepts $secureRequest and
  * rejects $unsecureRequest for $this->routes, which gives the examples one
  * request that is covered by the cookie listener and one that is not.
  */
 public function let(AngularCsrfTokenManager $tokenManager, RouteMatcherInterface $routeMatcher, Request $secureRequest, Request $unsecureRequest, CsrfToken $token)
 {
     // Token double -> fixed value; token manager double -> that token double.
     $token->getValue()->willReturn(self::TOKEN_VALUE);
     $tokenManager->getToken()->willReturn($token);
     // Keep both request doubles on the spec so the examples can reuse them.
     $this->secureRequest = $secureRequest;
     $this->unsecureRequest = $unsecureRequest;
     // Route matching is stubbed per request: covered route vs. uncovered route.
     $routeMatcher->match($this->secureRequest, $this->routes)->willReturn(true);
     $routeMatcher->match($this->unsecureRequest, $this->routes)->willReturn(false);
     // Constructor arguments: token manager, route matcher, routes, then the cookie
     // name / expire / path / domain / secure settings from the spec constants.
     $this->beConstructedWith($tokenManager, $routeMatcher, $this->routes, self::COOKIE_NAME, self::COOKIE_EXPIRE, self::COOKIE_PATH, self::COOKIE_DOMAIN, self::COOKIE_SECURE);
 }
 /**
  * Handles CSRF token validation.
  *
  * @param GetResponseEvent $event
  *
  * @throws AccessDeniedHttpException
  */
 public function onKernelRequest(GetResponseEvent $event)
 {
     // Sub-requests are not validated; only the master request is checked.
     if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
         return;
     }

     // Security note: validation is opt-in per route. A request that does not match
     // $this->routes passes through here unchecked, so the configured patterns must
     // cover every state-changing endpoint. No HTTP-method filtering happens in
     // this method: every matched request has to carry the header.
     if (!$this->routeMatcher->match($event->getRequest(), $this->routes)) {
         return;
     }

     $submittedToken = $event->getRequest()->headers->get($this->headerName);

     // A missing or empty header is rejected without consulting the token manager.
     if ($submittedToken && $this->angularCsrfTokenManager->isTokenValid($submittedToken)) {
         return;
     }

     // The same message is used for an absent and for an invalid token, so the
     // response does not reveal which of the two checks failed.
     throw new AccessDeniedHttpException('Bad CSRF token.');
 }
 /**
  * {@inheritdoc}
  */
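 public function configureOptions(OptionsResolver $resolver)
 {
     // Without a current request there is no header to inspect, so the
     // resolver's defaults are left as they are.
     $request = $this->requestStack->getCurrentRequest();
     if (null === $request) {
         return;
     }

     // Only requests on the configured routes are eligible for the opt-out.
     if (false === $this->routeMatcher->match($request, $this->routes)) {
         return;
     }

     $value = $request->headers->get($this->headerName);

     // Fail closed: switching off 'csrf_protection' is a security-relevant
     // decision, so an absent or empty header never reaches the token manager
     // and can never lead to the protection being disabled.
     if (!$value) {
         return;
     }

     // The header token was accepted by the token manager, so the
     // 'csrf_protection' option is defaulted to false for this request.
     if ($this->angularCsrfTokenManager->isTokenValid($value)) {
         $resolver->setDefaults(array('csrf_protection' => false));
     }
 }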
 /**
  * Spec set-up: stubs the collaborators and declares how the subject is built.
  *
  * Three request doubles are prepared: one on a covered route carrying
  * self::VALID_TOKEN in the self::HEADER_NAME header, one on a covered route
  * carrying self::INVALID_TOKEN, and one that the route matcher rejects.
  * The token manager double accepts only self::VALID_TOKEN.
  */
 public function let(AngularCsrfTokenManager $tokenManager, RouteMatcherInterface $routeMatcher, Request $secureValidRequest, Request $secureInvalidRequest, Request $unsecureRequest, HeaderBag $validHeaders, HeaderBag $invalidHeaders)
 {
     // Token validation is stubbed for exactly two values: valid and invalid.
     $tokenManager->isTokenValid(self::VALID_TOKEN)->willReturn(true);
     $tokenManager->isTokenValid(self::INVALID_TOKEN)->willReturn(false);
     // Covered-route request whose header bag returns the valid token.
     $this->secureValidRequest = $secureValidRequest;
     $validHeaders->get(self::HEADER_NAME)->willReturn(self::VALID_TOKEN);
     $this->secureValidRequest->headers = $validHeaders;
     // Covered-route request whose header bag returns the invalid token.
     $this->secureInvalidRequest = $secureInvalidRequest;
     $invalidHeaders->get(self::HEADER_NAME)->willReturn(self::INVALID_TOKEN);
     $this->secureInvalidRequest->headers = $invalidHeaders;
     // No header bag is attached to this request here; only its route match
     // result (false) is stubbed below.
     $this->unsecureRequest = $unsecureRequest;
     $routeMatcher->match($this->secureValidRequest, $this->routes)->willReturn(true);
     $routeMatcher->match($this->secureInvalidRequest, $this->routes)->willReturn(true);
     $routeMatcher->match($this->unsecureRequest, $this->routes)->willReturn(false);
     // Constructor arguments: token manager, route matcher, routes, header name.
     $this->beConstructedWith($tokenManager, $routeMatcher, $this->routes, self::HEADER_NAME);
 }