public function onKernalRequest(\Event $event) { $request = $event->getRequest(); if (strtoupper($request->getMethod()) == "POST" && \Config::get("session::csrf_check")) { if (!$request->request->get('csrf_token')) { throw new \Exception("缺少csrf_token参数!", 1); } $csrfProvider = new CsrfSessionService(); if (!$csrfProvider->isCsrfTokenValid($request->request->get('csrf_token'))) { throw new \Exception("csrf_token参数验证失败!", 1); } } }
public function getCsrfToken() { $csrfProvider = new CsrfSessionService(); return $csrfProvider->generateCsrfToken(); }