/** * Sign the response with a session token * * @param DispatcherContext $context A dispatcher context object */ public function challengeResponse(DispatcherContext $context) { if ($context->request->isGet()) { $token = $context->user->getSession()->getToken(); $context->response->headers->addCookie($this->getObject('lib:http.cookie', array('name' => 'csrf_token', 'value' => $token, 'path' => $context->request->getBaseUrl()->getPath()))); $context->response->headers->set('X-CSRF-Token', $token); } parent::challengeResponse($context); }