Merge pull request #302 from skipperbent/v3

V3
This commit is contained in:
Simon Sessingø
2017-10-23 22:08:23 +02:00
committed by GitHub
3 changed files with 18 additions and 2 deletions
+14
View File
@@ -709,6 +709,20 @@ You can get the CSRF-token by calling the helper method:
csrf_token(); csrf_token();
``` ```
The default name/key for the input-field is `csrf_token` and is defined in the `POST_KEY` constant in the `BaseCsrfVerifier` class.
You can change the key by overwriting the constant in your own CSRF-verifier class.
**Example:**
The example below will post to the current url with a hidden field "`csrf_token`".
```html
<form method="post" action="<?= url(); ?>">
<input type="hidden" name="csrf_token" value="<?= csrf_token(); ?>">
<!-- other input elements here -->
</form>
```
--- ---
# Middlewares # Middlewares
@@ -1,4 +1,5 @@
<?php <?php
namespace Pecee\Http\Middleware; namespace Pecee\Http\Middleware;
use Pecee\CsrfToken; use Pecee\CsrfToken;
+2 -1
View File
@@ -285,7 +285,8 @@ class Router
} }
if ($routeNotAllowed === true) { if ($routeNotAllowed === true) {
$this->handleException(new HttpException('Route or method not allowed', 403)); $message = sprintf('Route "%s" or method "%s" not allowed.', $this->request->getUri()->getPath(), $this->request->getMethod());
$this->handleException(new HttpException($message, 403));
} }
if ($this->request->getLoadedRoute() === null) { if ($this->request->getLoadedRoute() === null) {