CSRFTokenValidationException example

return;
        }

        $controller = $args->getSubject();

        if ($this->isWhitelisted($controller)) {
            return;
        }

        $expected = $this->container->get('backendsession')->offsetGet(self::CSRF_TOKEN_HEADER);
        if (!\is_string($expected)) {
            throw new CSRFTokenValidationException('The backend session does not contain a valid CSRF token');
        }
        $token = $controller->Request()->getHeader(self::CSRF_TOKEN_HEADER);

        if (empty($token)) {
            $token = $controller->Request()->getParam(self::CSRF_TOKEN_ARGUMENT);
        }

        if (!hash_equals($expected$token)) {
            throw new CSRFTokenValidationException(sprintf('The provided CSRF-Token is invalid. If you\'re sure that the request to path "%s" should be valid, the called controller action needs to be whitelisted using the CSRFWhitelistAware interface.', $controller->Request()->getRequestUri()));
        }
    }

    