/** @var Enlight_Controller_Action $controller */
$controller =
$args->
getSubject();
$request =
$controller->
Request();
// do not check internal sub-requests or validated requests
if ($request->
getAttribute('_isSubrequest'
) ||
$request->
getAttribute(self::CSRF_WAS_VALIDATED
)) { return;
} if ($request->
isGet() && !
$this->
isProtected($controller)) { return;
} if ($request->
isPost() &&
$request->
isXmlHttpRequest()) { return;
} // skip whitelisted actions
if ($this->
isWhitelisted($controller)) { return;
}