Merge pull request #301 from skipperbent/v3-development

Version 3.4.5.3
Merge pull request #300 from skipperbent/csrf-documentation
2026-06-24 20:19:17 +00:00 · 2017-10-23 22:08:09 +02:00 · 2017-10-23 22:05:41 +02:00 · 2017-10-23 22:05:27 +02:00 · 2017-10-23 22:04:28 +02:00 · 2017-10-23 22:01:19 +02:00
3 changed files with 18 additions and 2 deletions
@@ -709,6 +709,20 @@ You can get the CSRF-token by calling the helper method:
 csrf_token();
 ```

+The default name/key for the input-field is `csrf_token` and is defined in the `POST_KEY` constant in the `BaseCsrfVerifier` class.
+You can change the key by overwriting the constant in your own CSRF-verifier class.
+
+**Example:**
+
+The example below will post to the current url with a hidden field "`csrf_token`".
+
+```html
+<form method="post" action="<?= url(); ?>">
+    <input type="hidden" name="csrf_token" value="<?= csrf_token(); ?>">
+    <!-- other input elements here -->
+</form>
+```
+
 ---

 # Middlewares
@@ -1,4 +1,5 @@
 <?php
+
 namespace Pecee\Http\Middleware;

 use Pecee\CsrfToken;
@@ -285,7 +285,8 @@ class Router
        }

        if ($routeNotAllowed === true) {
-            $this->handleException(new HttpException('Route or method not allowed', 403));
+			$message = sprintf('Route "%s" or method "%s" not allowed.', $this->request->getUri()->getPath(), $this->request->getMethod());
+            $this->handleException(new HttpException($message, 403));
        }

        if ($this->request->getLoadedRoute() === null) {
@@ -594,4 +595,4 @@ class Router
        return $this;
    }

-}
+}
Author	SHA1	Message	Date
Simon Sessingø	a565f66c4c	Merge pull request #301 from skipperbent/v3-development Version 3.4.5.3	2017-10-23 22:08:09 +02:00
Simon Sessingø	832ef992a3	Merge pull request #300 from skipperbent/csrf-documentation Added CSRF form-example in documentation (issue: #299)	2017-10-23 22:05:41 +02:00
Simon Sessingø	cc5e417db9	Update README.md	2017-10-23 22:05:27 +02:00
Simon Sessingø	2cc90e28d0	Update README.md	2017-10-23 22:04:28 +02:00
Simon Sessingø	eb63a5d6ba	Added CSRF form-example in documentation (issue: #299 )	2017-10-23 22:01:19 +02:00
Simon Sessingø	a07b30a80d	Merge pull request #298 from jatubio/patch-2 Added more info on route or method not allowed exception	2017-10-12 15:53:03 +02:00
Juan Antonio Tubio	c45cd6347a	Added more info on route or method not allowed exception	2017-10-11 16:02:26 +02:00
Simon Sessingø	4a353efc97	Merge pull request #296 from skipperbent/v3 V3	2017-10-07 17:53:27 +02:00
Simon Sessingø	18fa0f9610	Merge pull request #294 from skipperbent/v3 V3	2017-09-25 08:51:13 +02:00
Simon Sessingø	60393a3722	Merge pull request #291 from skipperbent/v3 V3	2017-09-03 19:43:22 +02:00
Simon Sessingø	3df3ef36ef	Merge pull request #288 from skipperbent/v3 V3	2017-08-31 13:05:45 +02:00
Simon Sessingø	c723ca7e61	Merge pull request #283 from skipperbent/v3 V3	2017-08-24 16:53:29 +02:00
Simon Sessingø	e3b6899375	Merge pull request #280 from skipperbent/v3 V3	2017-08-24 03:13:06 +02:00
Simon Sessingø	a179450018	Merge pull request #277 from skipperbent/v3 V3	2017-08-23 23:50:26 +02:00
Simon Sessingø	ac3e9ed2ac	Merge pull request #274 from skipperbent/v3 V3	2017-08-23 22:31:00 +02:00