From 05e5461acbccc09c91ad38530e5bf91338ff166e Mon Sep 17 00:00:00 2001
From: Marius Karstedt
Date: Sun, 21 Mar 2021 11:40:37 +0100
Subject: [PATCH 1/2] get csrf token in request; Test for prefix 'http-' in csrf token header

---
 src/Pecee/Http/Middleware/BaseCsrfVerifier.php | 2 +-
 src/Pecee/Http/Request.php | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
index 4815e8c..8baaade 100644
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -68,7 +68,7 @@ class BaseCsrfVerifier implements IMiddleware
             $token = $request->getInputHandler()->value(
                 static::POST_KEY,
-                $request->getHeader(static::HEADER_KEY),
+                $request->getHeader(static::HEADER_KEY) ?? $request->getHeader('HTTP-' . static::HEADER_KEY),
                 'post'
             );
diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php
index e2bccae..c695008 100644
--- a/src/Pecee/Http/Request.php
+++ b/src/Pecee/Http/Request.php
@@ -147,6 +147,15 @@ class Request
         return $this->getHeader('php-auth-pw');
     }
+    /**
+     * Get the csrf token
+     * @return string|null
+     */
+    public function getCsrfToken(): ?string
+    {
+        return $this->getHeader('x-csrf-token') ?? $this->getHeader('http-x-csrf-token');
+    }
+
     /**
      * Get all headers
      * @return array

From 31b4b4673e5c31e9d9944fa09c1cf8adf943d0e3 Mon Sep 17 00:00:00 2001
From: Marius Karstedt
Date: Sun, 21 Mar 2021 12:20:57 +0100
Subject: [PATCH 2/2] add csrf token check for patch

---
 src/Pecee/Http/Middleware/BaseCsrfVerifier.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
index 8baaade..e92310e 100644
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
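Review bot: The `'HTTP-' . static::HEADER_KEY` fallback on the added line puts header-name normalisation inside the verifier while the same patch adds `Request::getCsrfToken()` with a hard-coded `'x-csrf-token'`, so a subclass that overrides `HEADER_KEY` will read a different header than `getCsrfToken()` returns. Resolving the prefixed variant once inside `Request::getHeader()` (or having the verifier call the single normalised lookup) would give the CSRF header name one source of truth and let this line stay `$request->getHeader(static::HEADER_KEY),`. Note that `??` only falls through on `null`: a header that resolves to an empty string stops the prefixed variant from being consulted, which is presumably fine because an empty token should fail validation, but worth confirming. A short why-comment would also help here, e.g. `// Client-sent headers may only be visible in their HTTP_-prefixed server-variable form.` The enclosing handle() starts and ends outside this hunk.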
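Review bot: The docblock on the new getCsrfToken() says only `Get the csrf token`, which a caller can read as covering the POST field that BaseCsrfVerifier also checks; it should state the narrower contract, e.g. `Returns the CSRF token sent in the X-CSRF-TOKEN request header (plain name or its HTTP_-prefixed server-variable form), or null when neither is present; the POST field is not consulted.` The two header names are literals here while BaseCsrfVerifier reads `static::HEADER_KEY`, so the lookups can drift if that constant is overridden; deriving the prefixed form from one name, `$this->getHeader($name) ?? $this->getHeader('http-' . $name)`, with the name held in a shared constant would keep them aligned. The `@return string|null` line restates the native `?string` return type and can be dropped.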
@@ -64,7 +64,7 @@ class BaseCsrfVerifier implements IMiddleware
     public function handle(Request $request): void
     {
-        if ($this->skip($request) === false && \in_array($request->getMethod(), ['post', 'put', 'delete'], true) === true) {
+        if ($this->skip($request) === false && \in_array($request->getMethod(), ['post', 'put', 'patch', 'delete'], true) === true) {
             $token = $request->getInputHandler()->value(
                 static::POST_KEY,
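Review bot: The set of methods subject to CSRF verification is an inline literal in the changed condition, so adding `'patch'` meant editing the guard itself and a subclass cannot extend the set without overriding handle(); hoisting it to a class constant such as `protected const VERIFIED_METHODS = ['post', 'put', 'patch', 'delete'];` and checking `\in_array($request->getMethod(), static::VERIFIED_METHODS, true)` keeps the policy visible in one place. The comparison only matches lowercase verbs, so if getMethod() can ever return the raw uppercase method name the check silently skips verification; it is worth confirming that it normalises case. The `=== true` after `\in_array(...)` is redundant since the function already returns a bool. The body of handle() continues past the end of the hunk.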