This component adds a CSRF token to a cookie. The cookie value is compared to request data, or the X-CSRF-Token header on each PATCH, POST, PUT, or DELETE request. If the request data is missing or does not match the cookie data, a ForbiddenException will be raised. This component integrates with the FormHelper automatically and when used together your forms will have CSRF tokens automatically added when $this->Form->create(...) is used in a view.
Наследование: extends Cake\Controller\Component
Документация по классу CsrfComponent
Пример #1
0
 /**
  * Test that the configuration options work.
  *
  * @return void
  * @triggers Controller.startup $controller
  */
 public function testConfigurationValidate()
 {
     $_SERVER['REQUEST_METHOD'] = 'POST';
     $controller = $this->getMock('Cake\\Controller\\Controller', ['redirect']);
     $controller->request = new Request(['cookies' => ['csrfToken' => 'nope', 'token' => 'yes'], 'post' => ['_csrfToken' => 'no match', 'token' => 'yes']]);
     $controller->response = new Response();
     $component = new CsrfComponent($this->registry, ['cookieName' => 'token', 'field' => 'token', 'expiry' => 90]);
     $event = new Event('Controller.startup', $controller);
     $result = $component->startup($event);
     $this->assertNull($result, 'Config settings should work.');
 }