Exemplo n.º 1
 /**
  * Request listener: hands the submitted CSRF token to the provider and
  * rejects the request when the route asks for CSRF protection and the
  * token does not validate.
  *
  * The token is taken from the "_csrf" request value, falling back to the
  * X-XSRF-TOKEN header. Validation is opt-in: it only runs when the
  * "_request[csrf]" attribute lookup (default false) yields a truthy value,
  * so a route without that flag is not checked here.
  *
  * NOTE(review): if $request is a Symfony HttpFoundation request, get() also
  * reads the query string, so a token placed in the URL would be accepted and
  * could end up in access logs or Referer headers - confirm, and prefer the
  * POST body or the header as the only sources.
  *
  * @param  mixed $event   Not used by this method.
  * @param  mixed $request Request exposing get(), headers and attributes.
  * @throws CsrfException  When CSRF is required and the token is invalid.
  */
 public function onRequest($event, $request)
 {
     // Header value is only the fallback when no "_csrf" value is present.
     $headerToken = $request->headers->get('X-XSRF-TOKEN');
     $this->provider->setToken($request->get('_csrf', $headerToken));

     $csrfRequired = $request->attributes->get('_request[csrf]', false, true);
     if (!$csrfRequired) {
         return;
     }

     if ($this->provider->validate()) {
         return;
     }

     throw new CsrfException('Invalid CSRF token.');
 }
Exemplo n.º 2
 /**
  * Request listener: hands the submitted CSRF token to the provider and
  * rejects the request when the route asks for CSRF protection and the
  * token does not validate.
  *
  * The token is taken from the "_csrf" request value, falling back to the
  * X-XSRF-TOKEN header. Validation is opt-in per route: it runs only when
  * the "_request" attribute holds a "csrf" key.
  *
  * Because the check uses isset(), any non-null value enables validation,
  * including an explicit false; a missing or null entry skips it.
  *
  * NOTE(review): if $request is a Symfony HttpFoundation request, get() also
  * reads the query string, so a token placed in the URL would be accepted and
  * could end up in access logs or Referer headers - confirm, and prefer the
  * POST body or the header as the only sources.
  *
  * @param  mixed $event   Not used by this method.
  * @param  mixed $request Request exposing get(), headers and attributes.
  * @throws CsrfException  When CSRF is required and the token is invalid.
  */
 public function onRequest($event, $request)
 {
     // Header value is only the fallback when no "_csrf" value is present.
     $headerToken = $request->headers->get('X-XSRF-TOKEN');
     $this->provider->setToken($request->get('_csrf', $headerToken));

     $routeOptions = $request->attributes->get('_request', []);
     if (!isset($routeOptions['csrf'])) {
         return;
     }

     if ($this->provider->validate()) {
         return;
     }

     throw new CsrfException('Invalid CSRF token.');
 }
Exemplo n.º 3
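 /**
  * Prints a hidden form field carrying a freshly generated CSRF token.
  *
  * Both the field name and the token are escaped for the HTML attribute
  * context before being written, so a name or token containing quotes or
  * angle brackets cannot break out of the attribute. Values made only of
  * characters that need no escaping are emitted exactly as before.
  *
  * The markup is written straight to the output buffer; nothing is returned.
  *
  * @param string $name Name attribute of the hidden input (default "_csrf").
  */
 public function get($name = '_csrf')
 {
     // Escape per attribute context; ENT_QUOTES covers both quote styles.
     $safeName  = htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8');
     $safeToken = htmlspecialchars((string) $this->provider->generate(), ENT_QUOTES, 'UTF-8');

     printf('<input type="hidden" name="%s" value="%s">', $safeName, $safeToken);
 }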