Validates the CSRF token for POST data. If
the request is a GET request, and the cookie value is absent a cookie will be set.
Once a cookie is set it will be copied into request->params['_csrfToken']
so that application and framework code can easily access the csrf token.
RequestAction requests do not get checked, nor will
they set a cookie should it be missing.
/**
* Test that the configuration options work.
*
* @return void
* @triggers Controller.startup $controller
*/
public function testConfigurationValidate()
{
$_SERVER['REQUEST_METHOD'] = 'POST';
$controller = $this->getMock('Cake\\Controller\\Controller', ['redirect']);
$controller->request = new Request(['cookies' => ['csrfToken' => 'nope', 'token' => 'yes'], 'post' => ['_csrfToken' => 'no match', 'token' => 'yes']]);
$controller->response = new Response();
$component = new CsrfComponent($this->registry, ['cookieName' => 'token', 'field' => 'token', 'expiry' => 90]);
$event = new Event('Controller.startup', $controller);
$result = $component->startup($event);
$this->assertNull($result, 'Config settings should work.');
}
