Fixed included triggering on other request-types than post

2026-06-13 09:13:17 +03:00 · 2023-12-09 18:39:33 +01:00
parent 0f55480156
commit 3534233a76
1 changed files with 1 additions and 1 deletions
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -98,7 +98,7 @@ class BaseCsrfVerifier implements IMiddleware
     */
    public function handle(Request $request): void
    {
-        if ($this->skip($request) === false && ($request->isPostBack() === true || $this->isIncluded($request) === true)) {
+        if ($this->skip($request) === false && ($request->isPostBack() === true || $request->isPostBack() === true && $this->isIncluded($request) === true)) {

            $token = $request->getInputHandler()->value(
                static::POST_KEY,