Exemple #1
0
 /**
  * Checks for the CSRF token and throws 401 exception if invalid.
  *
  * @param  $event
  * @throws UnauthorizedException
  */
 public function onRequest($event, $request)
 {
     $this->provider->setToken($request->get('_csrf', $request->headers->get('X-XSRF-TOKEN')));
     if ($request->attributes->get('_request[csrf]', false, true) && !$this->provider->validate()) {
         throw new CsrfException('Invalid CSRF token.');
     }
 }
Exemple #2
0
 /**
  * Checks for the CSRF token and throws 401 exception if invalid.
  *
  * @param  $event
  * @throws UnauthorizedException
  */
 public function onRequest($event, $request)
 {
     $this->provider->setToken($request->get('_csrf', $request->headers->get('X-XSRF-TOKEN')));
     $attributes = $request->attributes->get('_request', []);
     if (isset($attributes['csrf']) && !$this->provider->validate()) {
         throw new CsrfException('Invalid CSRF token.');
     }
 }
 /**
  * Displays a hidden token field to reduce the risk of CSRF exploits.
  *
  * @param string $name
  */
 public function get($name = '_csrf')
 {
     printf('<input type="hidden" name="%s" value="%s">', $name, $this->provider->generate());
 }