return;
} $controller =
$args->
getSubject();
if ($this->
isWhitelisted($controller)) { return;
} $expected =
$this->container->
get('backendsession'
)->
offsetGet(self::CSRF_TOKEN_HEADER
);
if (!\
is_string($expected)) { throw new CSRFTokenValidationException('The backend session does not contain a valid CSRF token'
);
} $token =
$controller->
Request()->
getHeader(self::CSRF_TOKEN_HEADER
);
if (empty($token)) { $token =
$controller->
Request()->
getParam(self::CSRF_TOKEN_ARGUMENT
);
} if (!
hash_equals($expected,
$token)) { throw new CSRFTokenValidationException(sprintf('The provided CSRF-Token is invalid. If you\'re sure that the request to path "%s" should be valid, the called controller action needs to be whitelisted using the CSRFWhitelistAware interface.',
$controller->
Request()->
getRequestUri()));
} }