/**
 * Enforces the CSRF check on requests whose route attributes ask for it.
 *
 * The submitted token is taken from the `_csrf` request value, falling back to
 * the `X-XSRF-TOKEN` header, and is handed to the provider before validation.
 *
 * NOTE(review): if $request is a Symfony HttpFoundation Request, get() also
 * consults query-string parameters, so a token may be accepted from the URL
 * and end up in access logs or Referer headers. Confirm that this is intended.
 *
 * @param  mixed $event   Not used by this handler.
 * @param  mixed $request Request carrying the token and the route attributes.
 * @throws CsrfException  When the check is requested and the provider rejects the token.
 */
public function onRequest($event, $request)
{
    $headerToken = $request->headers->get('X-XSRF-TOKEN');
    $this->provider->setToken($request->get('_csrf', $headerToken));

    // Presumably the third argument enables a deep lookup of "csrf" inside the
    // "_request" attribute (TODO confirm against the attribute bag in use).
    // Only a truthy value turns the check on, so a missing or falsy flag skips validation.
    $csrfRequested = $request->attributes->get('_request[csrf]', false, true);
    if (!$csrfRequested) {
        return;
    }

    if ($this->provider->validate()) {
        return;
    }

    throw new CsrfException('Invalid CSRF token.');
}
/**
 * Enforces the CSRF check on requests whose `_request` attribute carries a `csrf` entry.
 *
 * The submitted token is taken from the `_csrf` request value, falling back to
 * the `X-XSRF-TOKEN` header, and is handed to the provider before validation.
 *
 * NOTE(review): if $request is a Symfony HttpFoundation Request, get() also
 * consults query-string parameters, so a token may be accepted from the URL
 * and end up in access logs or Referer headers. Confirm that this is intended.
 *
 * @param  mixed $event   Not used by this handler.
 * @param  mixed $request Request carrying the token and the route attributes.
 * @throws CsrfException  When the check is requested and the provider rejects the token.
 */
public function onRequest($event, $request)
{
    $headerToken = $request->headers->get('X-XSRF-TOKEN');
    $this->provider->setToken($request->get('_csrf', $headerToken));

    $routeOptions = $request->attributes->get('_request', []);

    // isset() is true for every non-null value, so an explicit `csrf => false`
    // still enforces validation. Only an absent or null entry skips the check.
    if (!isset($routeOptions['csrf'])) {
        return;
    }

    if ($this->provider->validate()) {
        return;
    }

    throw new CsrfException('Invalid CSRF token.');
}
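/**
 * Prints a hidden form field carrying the CSRF token, to reduce the risk of CSRF exploits.
 *
 * The field name and the token are both HTML-escaped before they are written
 * into the attribute values, so a quote or angle bracket in either one cannot
 * break out of the markup.
 *
 * @param  string $name Name attribute of the hidden field.
 * @return void
 */
public function get($name = '_csrf')
{
    // Attribute-context escaping: ENT_QUOTES covers both quote styles and
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    $escape = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    printf(
        '<input type="hidden" name="%s" value="%s">',
        $escape($name),
        $escape($this->provider->generate())
    );
}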