mirror of https://github.com/flarum/core.git synced 2025-08-08 09:26:34 +02:00

Accept CSRF token in request body as well

Franz Liedke
2019-06-12 22:14:36 +02:00
parent 5d64056e89
commit 7f7484e790
2 changed files with 62 additions and 2 deletions


@@ -39,7 +39,8 @@ class CheckCsrfToken implements Middleware
private function tokensMatch(Request $request): bool
{
$expected = (string) $request->getAttribute('session')->token();
$provided = $request->getHeaderLine('X-CSRF-Token'); // TODO: Use form field, if provided
$provided = $request->getParsedBody()['csrfToken'] ??
$request->getHeaderLine('X-CSRF-Token');
return hash_equals($expected, $provided);
}
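Review bot: The new `$provided` assignment in `tokensMatch()` hands a client-controlled body value to `hash_equals()` without confirming it is a string. A JSON body or a `csrfToken[]=` form field can make `getParsedBody()['csrfToken']` an array or a number, and PSR-7 also lets `getParsedBody()` return an object, so such a request can end in a warning or a TypeError (depending on the PHP version) rather than a clean token mismatch. I would read the body once with `$body = $request->getParsedBody();` and fall back to the header unless the field is a string: `$provided = is_array($body) && is_string($body['csrfToken'] ?? null) ? $body['csrfToken'] : $request->getHeaderLine('X-CSRF-Token');`. The second changed file is not visible here; if it holds the tests, a case with a non-string `csrfToken` would pin this behaviour.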