Exemplo n.º 1
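 /**
  * Enforces the CSRF check for requests that opt in through the
  * "_request[csrf]" request attribute.
  *
  * A string attribute value names the request parameter that carries the
  * token; any other truthy value selects the default parameter "_csrf".
  * Requests without a truthy attribute are not checked at all.
  *
  * @param GetResponseEvent $event Event giving access to the current request.
  *
  * @throws BadTokenException With status 401 when the token is missing, is not
  *                           a string, or is rejected by the provider.
  *                           NOTE(review): presumably a subclass of
  *                           \Symfony\Component\HttpKernel\Exception\HttpException - confirm.
  */
 public function onKernelRequest(GetResponseEvent $event)
 {
     $request = $event->getRequest();

     // Third argument enables the deep lookup, so the bracketed path is
     // presumably resolved as the "csrf" key nested under "_request".
     $csrf = $request->attributes->get('_request[csrf]', false, true);
     if (!$csrf) {
         // Protection is opt-in: nothing to verify for this request.
         return;
     }

     // NOTE(review): if this is Symfony's Request::get(), it also searches the
     // query string, so a token may arrive in the URL and end up in access logs
     // or Referer headers. Reading it from the request body or a header
     // explicitly would be tighter - confirm against the intended clients.
     $token = $request->get(is_string($csrf) ? $csrf : '_csrf');

     // Reject a missing or array-valued parameter (e.g. "_csrf[]=x") before it
     // reaches the provider, so validation never runs on a non-string value.
     if (!is_string($token) || !$this->provider->validate($token)) {
         // Status 401 is kept for compatibility with existing handlers; 403 is
         // the conventional status for a rejected CSRF token, since the failure
         // is not an authentication challenge.
         throw new BadTokenException(401, 'Invalid CSRF token.');
     }
 }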
Exemplo n.º 2
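 /**
  * Prints a hidden form field carrying the CSRF token returned by the
  * provider's generate() method.
  *
  * The markup is written straight to the output with printf(); nothing is
  * returned. The field name and the token are HTML-escaped because both are
  * placed inside double-quoted attributes.
  *
  * @param string $name Name of the hidden input; "_csrf" by default.
  */
 public function generate($name = '_csrf')
 {
     // ENT_QUOTES covers both quote styles, so neither value can close its
     // attribute and inject markup into the form.
     printf(
         '<input type="hidden" name="%s" value="%s">',
         htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8'),
         htmlspecialchars((string) $this->provider->generate(), ENT_QUOTES, 'UTF-8')
     );
 }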