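/**
 * Reject a POST request whose `_token` parameter does not match the CSRF
 * token stored in the session.
 *
 * Requests that are not POST return without any check. When the tokens do
 * not match, control is handed to self::throwCsrfException().
 *
 * NOTE(review): only POST is inspected here. If the application routes
 * other state-changing verbs (PUT, PATCH, DELETE), confirm they are
 * covered somewhere else.
 *
 * @return void
 */
public static function checkCsrfToken()
{
    /** @var Request $request */
    $request = static::$di->getShared('request');

    if (!$request->isPost()) {
        return;
    }

    $submitted = $request->get('_token');
    $expected = Session::getCsrfToken();

    // A missing token, or one sent as an array (`_token[]=...`), is never valid.
    // NOTE(review): assumes Session::getCsrfToken() returns a non-empty string;
    // confirm against the Session implementation.
    $valid = is_string($submitted)
        && is_string($expected)
        && $expected !== ''
        // hash_equals() is a strict, constant-time comparison. The previous
        // loose `!=` could treat differing numeric-looking strings as equal,
        // and its timing depended on where the first mismatch occurred.
        && hash_equals($expected, $submitted);

    if (!$valid) {
        self::throwCsrfException();
    }
}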
/**
 * Checks the CSRF token lifecycle on the session: a generated token is
 * returned by getCsrfToken(), and after Session::clear() a different,
 * non-empty token is returned.
 */
public function testSessionCsrfToken()
{
    // Select the 'native' session configuration and bring the session up.
    Config::set('session.default', 'native');
    Session::register($this->di);
    Session::start();

    // A freshly generated token must be non-empty and readable back unchanged.
    $csrf = Session::generateCsrfToken();
    $this->assertNotEmpty($csrf, 'Unable to generate CSRF token');
    $this->assertEquals($csrf, Session::getCsrfToken(), 'Unable to check CSRF token');

    // Clearing the session must not leave the old token in place.
    Session::clear();

    $newCsrf = Session::getCsrfToken();
    $this->assertNotEmpty($newCsrf, 'Unable to regenerate CSRF token');
    $this->assertNotEquals($csrf, $newCsrf, 'Unable to regenerate unique CSRF token');

    Session::end();
}