Refactor Route Resolving and Dispatch (#2425)

- Split DispatchRoute. This allows us to run middleware after we figure out which route we're on, but before we actually execute the controller for that route. - By making the route name explicitly available to middlewares, applications like CSRF and floodgate can set patterns based on route names instead of the path, which is an implementation detail. - Support using route name match for CSRF extender, deprecate path match
2025-08-17 22:01:44 +02:00 · 2020-11-10 12:52:12 -05:00
parent 67741c7a6f
commit 0c95774333
12 changed files with 116 additions and 31 deletions
--- a/src/Extend/Csrf.php
+++ b/src/Extend/Csrf.php
@@ -14,11 +14,28 @@ use Illuminate\Contracts\Container\Container;

 class Csrf implements ExtenderInterface
 {
-    protected $csrfExemptPaths = [];
+    protected $csrfExemptRoutes = [];

+    /**
+     * Exempt a named route from CSRF checks.
+     *
+     * @param string $routeName
+     */
+    public function exemptRoute(string $routeName)
+    {
+        $this->csrfExemptRoutes[] = $routeName;
+
+        return $this;
+    }
+
+    /**
+     * Exempt a path from csrf checks. Wildcards are supported.
+     *
+     * @deprecated beta 15, remove beta 16. Exempt routes should be used instead.
+     */
    public function exemptPath(string $path)
    {
-        $this->csrfExemptPaths[] = $path;
+        $this->csrfExemptRoutes[] = $path;

        return $this;
    }
@@ -26,7 +43,7 @@ class Csrf implements ExtenderInterface
    public function extend(Container $container, Extension $extension = null)
    {
        $container->extend('flarum.http.csrfExemptPaths', function ($existingExemptPaths) {
-            return array_merge($existingExemptPaths, $this->csrfExemptPaths);
+            return array_merge($existingExemptPaths, $this->csrfExemptRoutes);
        });
    }
 }