public static function validate()
{
$csrfToken = self::getCsrfToken();
if (!isset($_COOKIE['csrftoken']) || $_COOKIE['csrftoken'] != $csrfToken) {
self::_throwException();
}
$headerToken = Arrays::getValue(RequestHeaders::all(), 'X-Csrftoken');
$postToken = Arrays::getValue($_POST, 'csrftoken');
if ($headerToken != $csrfToken && $postToken != $csrfToken) {
self::_throwException();
}
}
/**
* @test
*/
public function shouldGetArrayOfAllHeaders()
{
//given
$_SERVER['HTTP_ACCEPT'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$_SERVER['HTTP_ACCEPT_CHARSET'] = 'UTF-8,*;q=0.5';
$_SERVER['HTTP_ACCEPT_ENCODING'] = 'gzip,deflate,sdch';
$_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'en-US,en;q=0.8';
$_SERVER['HTTP_CACHE_CONTROL'] = 'max-age=0';
$_SERVER['HTTP_CONNECTION'] = 'keep-alive';
$_SERVER['HTTP_COOKIE'] = '__utmz=179618234.1309856897.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=179618234.703966342.1309856897.1309856897.1309856897.1';
$_SERVER['HTTP_HOST'] = 'www.yoursite.com';
$_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30';
//when
$all = RequestHeaders::all();
//then
Assert::thatArray($all)->hasSize(9)->containsKeyAndValue(array('Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Charset' => 'UTF-8,*;q=0.5', 'Accept-Encoding' => 'gzip,deflate,sdch', 'Accept-Language' => 'en-US,en;q=0.8', 'Cache-Control' => 'max-age=0', 'Connection' => 'keep-alive', 'Cookie' => '__utmz=179618234.1309856897.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=179618234.703966342.1309856897.1309856897.1309856897.1', 'Host' => 'www.yoursite.com', 'User-Agent' => 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30'));
}
