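/**
 * Checks for the CSRF token and throws 401 exception if invalid.
 *
 * The check only runs when the request's `_request[csrf]` attribute is
 * truthy. A string value is used as the name of the request parameter that
 * carries the token; any other truthy value selects the default `_csrf`.
 *
 * @param  GetResponseEvent $event
 * @throws \Symfony\Component\HttpKernel\Exception\HttpException Raised here as a BadTokenException with status 401.
 */
public function onKernelRequest(GetResponseEvent $event)
{
    $request = $event->getRequest();

    // Third argument enables deep lookup, i.e. attributes['_request']['csrf'].
    $csrf = $request->attributes->get('_request[csrf]', false, true);

    if (!$csrf) {
        // CSRF protection was not requested for this request.
        return;
    }

    // NOTE(review): Request::get() also consults the query string, so a token
    // sent in the URL is accepted. URLs end up in logs and Referer headers;
    // consider reading the token from the request body or a header only.
    $token = $request->get(is_string($csrf) ? $csrf : '_csrf');

    // Client-controlled parameters can arrive as arrays (`_csrf[]=...`) or be
    // absent altogether. Reject anything that is not a string before it
    // reaches the provider, so validation never depends on how the provider
    // compares a non-string value.
    if (!is_string($token) || !$this->provider->validate($token)) {
        throw new BadTokenException(401, 'Invalid CSRF token.');
    }
}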
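/**
 * Displays a hidden token field to reduce the risk of CSRF exploits.
 *
 * The markup is written directly to the output; nothing is returned. Both
 * the field name and the token are escaped for an HTML attribute context.
 *
 * @param string $name Name of the hidden form field.
 */
public function generate($name = '_csrf')
{
    // Escape both values: a quote or angle bracket in the field name or the
    // token would otherwise close the attribute and inject markup.
    printf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $this->provider->generate(), ENT_QUOTES, 'UTF-8')
    );
}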