/** * Checks for the CSRF token and throws 401 exception if invalid. * * @param GetResponseEvent $event * @throws \Symfony\Component\HttpKernel\Exception\HttpException */ public function onKernelRequest(GetResponseEvent $event) { $request = $event->getRequest(); if ($csrf = $request->attributes->get('_request[csrf]', false, true)) { if (!$this->provider->validate($request->get(is_string($csrf) ? $csrf : '_csrf'))) { throw new BadTokenException(401, 'Invalid CSRF token.'); } } }