CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
CSRFTokenValidationException example
return;
}
$controller = $args->getSubject();
if ($this->isWhitelisted($controller)) {
return;
}
$expected = $this->container->get('backendsession')->offsetGet(self::CSRF_TOKEN_HEADER);
if (!\is_string($expected)) {
throw new CSRFTokenValidationException('The backend session does not contain a valid CSRF token');
}
$token = $controller->Request()->getHeader(self::CSRF_TOKEN_HEADER);
if (empty($token)) {
$token = $controller->Request()->getParam(self::CSRF_TOKEN_ARGUMENT);
}
if (!hash_equals($expected, $token)) {
throw new CSRFTokenValidationException(sprintf('The provided CSRF-Token is invalid. If you\'re sure that the request to path "%s" should be valid, the called controller action needs to be whitelisted using the CSRFWhitelistAware interface.', $controller->Request()->getRequestUri()));
}
}
}
$controller = $args->getSubject();
if ($this->isWhitelisted($controller)) {
return;
}
$expected = $this->container->get('backendsession')->offsetGet(self::CSRF_TOKEN_HEADER);
if (!\is_string($expected)) {
throw new CSRFTokenValidationException('The backend session does not contain a valid CSRF token');
}
$token = $controller->Request()->getHeader(self::CSRF_TOKEN_HEADER);
if (empty($token)) {
$token = $controller->Request()->getParam(self::CSRF_TOKEN_ARGUMENT);
}
if (!hash_equals($expected, $token)) {
throw new CSRFTokenValidationException(sprintf('The provided CSRF-Token is invalid. If you\'re sure that the request to path "%s" should be valid, the called controller action needs to be whitelisted using the CSRFWhitelistAware interface.', $controller->Request()->getRequestUri()));
}
}