/**
 * Validates the CSRF token of the incoming request when the request is flagged for it.
 *
 * The submitted token is taken from the `_csrf` request value, falling back to the
 * `X-XSRF-TOKEN` header, and is handed to the provider before any check is made.
 * Validation is opt-in: it runs only when the `_request[csrf]` attribute is truthy,
 * so a state-changing route that does not set the flag is not checked by this listener.
 *
 * NOTE(review): `$request->get()` presumably also reads the query string; a token
 * passed that way can end up in URLs, logs and Referer headers. Confirm against the
 * request class.
 * NOTE(review): the HTTP status produced for CsrfException is decided elsewhere.
 *
 * @param mixed $event   Event object; not used by this handler.
 * @param mixed $request Request carrying the token and the `_request` attributes.
 * @throws CsrfException When validation is required and the provider rejects the token.
 */
public function onRequest($event, $request)
{
    // The header is only the fallback; an explicit `_csrf` value wins.
    $submittedToken = $request->get('_csrf', $request->headers->get('X-XSRF-TOKEN'));
    $this->provider->setToken($submittedToken);

    // Third argument `true` requests a deep-path lookup of the `csrf` key
    // inside `_request` (presumably Symfony ParameterBag semantics; confirm).
    $csrfRequired = $request->attributes->get('_request[csrf]', false, true);

    if (!$csrfRequired) {
        return;
    }

    if ($this->provider->validate()) {
        return;
    }

    throw new CsrfException('Invalid CSRF token.');
}
/**
 * Validates the CSRF token of the incoming request when the request is flagged for it.
 *
 * The submitted token is taken from the `_csrf` request value, falling back to the
 * `X-XSRF-TOKEN` header, and is handed to the provider before any check is made.
 * Validation is opt-in: it runs only when the `_request` attribute array has a
 * non-null `csrf` entry, so a state-changing route that does not set the flag is
 * not checked by this listener.
 *
 * NOTE(review): `$request->get()` presumably also reads the query string; a token
 * passed that way can end up in URLs, logs and Referer headers. Confirm against the
 * request class.
 * NOTE(review): the HTTP status produced for CsrfException is decided elsewhere.
 *
 * @param mixed $event   Event object; not used by this handler.
 * @param mixed $request Request carrying the token and the `_request` attributes.
 * @throws CsrfException When validation is required and the provider rejects the token.
 */
public function onRequest($event, $request)
{
    // The header is only the fallback; an explicit `_csrf` value wins.
    $headerToken = $request->headers->get('X-XSRF-TOKEN');
    $this->provider->setToken($request->get('_csrf', $headerToken));

    $requestOptions = $request->attributes->get('_request', []);

    // isset() tests presence, not truthiness: `csrf => false` still enforces
    // validation, while `csrf => null` or a missing key skips it.
    if (!isset($requestOptions['csrf'])) {
        return;
    }

    if (!$this->provider->validate()) {
        throw new CsrfException('Invalid CSRF token.');
    }
}