public static function protect(Controller $controller) { $controller->before[] = function () { if (CsrfProtector::isMethodProtected(Uri::getRequestType())) { CsrfProtector::validate(); } return true; }; $controller->after[] = function () use($controller) { $controller->setCookie(array('name' => 'csrftoken', 'value' => CsrfProtector::getCsrfToken(), 'expire' => 0, 'path' => '/')); return true; }; }