geckon01/simple-php-router
1
0
Fork 0
mirror of https://github.com/skipperbent/simple-php-router.git synced 2026-06-15 18:23:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #501 from DeveloperMarius/get-csrf-token

Browse Source 
get csrf token in request and test for prefix 'http-' in csrf token header
This commit is contained in:
Simon Sessingø
2021-03-21 14:57:10 +01:00
committed by GitHub
parent 388be3d870 31b4b4673e
commit dfcbbb4033
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Pecee/Http/Middleware/BaseCsrfVerifier.php
View File

@@ -64,11 +64,11 @@ class BaseCsrfVerifier implements IMiddleware
public function handle(Request $request): void
{
if ($this->skip($request) === false && \in_array($request->getMethod(), ['post', 'put', 'delete'], true) === true) {
if ($this->skip($request) === false && \in_array($request->getMethod(), ['post', 'put', 'patch', 'delete'], true) === true) {
$token = $request->getInputHandler()->value(
static::POST_KEY,
$request->getHeader(static::HEADER_KEY),
$request->getHeader(static::HEADER_KEY) ?? $request->getHeader('HTTP-' . static::HEADER_KEY),
'post'
);

9
src/Pecee/Http/Request.php
View File

@@ -147,6 +147,15 @@ class Request
return $this->getHeader('php-auth-pw');
}
/**
* Get the csrf token
* @return string|null
*/
public function getCsrfToken(): ?string
{
return $this->getHeader('x-csrf-token') ?? $this->getHeader('http-x-csrf-token');
}
/**
* Get all headers
* @return array