public function preProcess(Http\Response $response, Http\Request $request) { if (Edge::app()->user()->isGuest()) { if ($request->is("GET")) { Edge::app()->session->redirectUrl = $request->getRequestUrl(); } if ($request->isAjax()) { throw new Unauthorized("Unauthorized access"); } $response->redirect($this->url); } }
public function preProcess(Http\Response $response, Http\Request $request) { if (!$request->is('GET')) { $tokenName = $this->tokenName; $body = $request->getParams(); if (!isset($body[$tokenName])) { throw new BadRequest("The body does not contain a CSRF token"); } if ($body[$tokenName] != $request->getCsrfToken()) { throw new BadRequest("The specified CSRF token is not valid"); } return true; } }