csrf token key config option added

Milos Stojanovic
2021-02-12 12:57:38 +01:00
parent 18af243b5b
commit a8be107121
3 changed files with 7 additions and 2 deletions


@@ -34,13 +34,16 @@ class Security implements Service
public function init(array $config = [])
{
if ($config['csrf_protection']) {
$key = isset($config['csrf_key']) ? $config['csrf_key'] : 'protection';
$http_method = $this->request->getMethod();
$csrfManager = new CsrfTokenManager();
if (in_array($http_method, ['GET', 'HEAD', 'OPTIONS'])) {
$this->response->headers->set('X-CSRF-Token', $csrfManager->getToken('protection'));
$this->response->headers->set('X-CSRF-Token', $csrfManager->getToken($key));
} else {
$token = new CsrfToken('protection', $this->request->headers->get('X-CSRF-Token'));
$token = new CsrfToken($key, $this->request->headers->get('X-CSRF-Token'));
if (! $csrfManager->isTokenValid($token)) {
throw new \Exception('Csrf token not valid');