mirror of
https://github.com/skipperbent/simple-php-router.git
synced 2026-07-11 08:12:18 +00:00
@@ -709,6 +709,20 @@ You can get the CSRF-token by calling the helper method:
|
|||||||
csrf_token();
|
csrf_token();
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The default name/key for the input-field is `csrf_token` and is defined in the `POST_KEY` constant in the `BaseCsrfVerifier` class.
|
||||||
|
You can change the key by overwriting the constant in your own CSRF-verifier class.
|
||||||
|
|
||||||
|
**Example:**
|
||||||
|
|
||||||
|
The example below will post to the current url with a hidden field "`csrf_token`".
|
||||||
|
|
||||||
|
```html
|
||||||
|
<form method="post" action="<?= url(); ?>">
|
||||||
|
<input type="hidden" name="csrf_token" value="<?= csrf_token(); ?>">
|
||||||
|
<!-- other input elements here -->
|
||||||
|
</form>
|
||||||
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Middlewares
|
# Middlewares
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
namespace Pecee\Http\Middleware;
|
namespace Pecee\Http\Middleware;
|
||||||
|
|
||||||
use Pecee\CsrfToken;
|
use Pecee\CsrfToken;
|
||||||
|
|||||||
@@ -285,7 +285,8 @@ class Router
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($routeNotAllowed === true) {
|
if ($routeNotAllowed === true) {
|
||||||
$this->handleException(new HttpException('Route or method not allowed', 403));
|
$message = sprintf('Route "%s" or method "%s" not allowed.', $this->request->getUri()->getPath(), $this->request->getMethod());
|
||||||
|
$this->handleException(new HttpException($message, 403));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->request->getLoadedRoute() === null) {
|
if ($this->request->getLoadedRoute() === null) {
|
||||||
@@ -594,4 +595,4 @@ class Router
|
|||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user