From 05e5461acbccc09c91ad38530e5bf91338ff166e Mon Sep 17 00:00:00 2001
From: Marius Karstedt <m.karstedt@repaste.de>
Date: Sun, 21 Mar 2021 11:40:37 +0100
Subject: [PATCH] get csrf token in request; Test for prefix 'http-' in csrf
 token header

---
 src/Pecee/Http/Middleware/BaseCsrfVerifier.php | 2 +-
 src/Pecee/Http/Request.php                     | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
index 4815e8c..8baaade 100644
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -68,7 +68,7 @@ class BaseCsrfVerifier implements IMiddleware
 
             $token = $request->getInputHandler()->value(
                 static::POST_KEY,
-                $request->getHeader(static::HEADER_KEY),
+                $request->getHeader(static::HEADER_KEY) ?? $request->getHeader('HTTP-' . static::HEADER_KEY),
                 'post'
             );
 
diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php
index e2bccae..c695008 100644
--- a/src/Pecee/Http/Request.php
+++ b/src/Pecee/Http/Request.php
@@ -147,6 +147,15 @@ class Request
         return $this->getHeader('php-auth-pw');
     }
 
+    /**
+     * Get the csrf token
+     * @return string|null
+     */
+    public function getCsrfToken(): ?string
+    {
+        return $this->getHeader('x-csrf-token') ?? $this->getHeader('http-x-csrf-token');
+    }
+
     /**
      * Get all headers
      * @return array