
Final Class Yiisoft\Csrf\CsrfHeaderMiddleware

Inheritance: Yiisoft\Csrf\CsrfHeaderMiddleware
Implements: Psr\Http\Server\MiddlewareInterface

PSR-15 middleware that takes care of custom HTTP header CSRF validation.

Constants


Constant Value Description Defined By
HEADER_NAME 'X-CSRF-Header' Yiisoft\Csrf\CsrfHeaderMiddleware

Method Details


__construct() public method

public mixed __construct ( \Psr\Http\Message\ResponseFactoryInterface $responseFactory, \Psr\Http\Server\RequestHandlerInterface|null $failureHandler = null )
$responseFactory \Psr\Http\Message\ResponseFactoryInterface
$failureHandler \Psr\Http\Server\RequestHandlerInterface|null

                /**
 * Stores the collaborators used when a request fails CSRF validation.
 *
 * @param ResponseFactoryInterface $responseFactory Creates the default rejection response in process().
 * @param RequestHandlerInterface|null $failureHandler Optional handler that answers a rejected request
 *        instead of the default response; null keeps the default.
 */
public function __construct(
    ResponseFactoryInterface $responseFactory,
    ?RequestHandlerInterface $failureHandler = null
) {
    // The two assignments do not depend on each other.
    $this->failureHandler = $failureHandler;
    $this->responseFactory = $responseFactory;
}

            
getHeaderName() public method

public string getHeaderName ( )

                /**
 * Returns the name of the HTTP header this instance is configured with.
 *
 * @return string Current value of the headerName property.
 */
public function getHeaderName(): string
{
    $configuredName = $this->headerName;

    return $configuredName;
}

            
process() public method

public \Psr\Http\Message\ResponseInterface process ( \Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Server\RequestHandlerInterface $handler )
$request \Psr\Http\Message\ServerRequestInterface
$handler \Psr\Http\Server\RequestHandlerInterface

                /**
 * Passes the request to the next handler only when validateCsrfToken() accepts it.
 *
 * A rejected request is delegated to the configured failure handler when there is one. Otherwise a
 * response with status Status::UNPROCESSABLE_ENTITY and the matching Status::TEXTS entry as body is
 * returned. The failure handler's response is returned unchanged, so this method enforces no rejecting
 * status on it: a custom failure handler has to refuse the request itself. Nothing is logged here, so
 * any record of rejected requests has to come from the failure handler or from surrounding middleware.
 *
 * @param ServerRequestInterface $request Incoming request to validate.
 * @param RequestHandlerInterface $handler Next handler, called only for accepted requests.
 *
 * @return ResponseInterface Response of the next handler, of the failure handler, or the default rejection.
 */
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
    if (!$this->validateCsrfToken($request)) {
        if ($this->failureHandler === null) {
            // Default rejection: status code plus its standard reason text as the body.
            $status = Status::UNPROCESSABLE_ENTITY;
            $rejection = $this->responseFactory->createResponse($status);
            $rejection->getBody()->write(Status::TEXTS[$status]);

            return $rejection;
        }

        return $this->failureHandler->handle($request);
    }

    return $handler->handle($request);
}

            
withHeaderName() public method

public self withHeaderName ( string $name )
$name string

                /**
 * Returns a copy of the middleware that uses the given header name; the current instance is not modified.
 *
 * The name is stored as given, with no validation in this method.
 * NOTE(review): the check presumably depends on a header that a cross-origin page cannot send without
 * a CORS preflight, so a CORS-safelisted request header (for example Accept or Content-Type) would be
 * a poor choice — confirm against validateCsrfToken().
 *
 * @param string $name Header name to use in place of the current one.
 *
 * @return self New instance carrying the header name.
 */
public function withHeaderName(string $name): self
{
    $copy = clone $this;
    $copy->headerName = $name;

    return $copy;
}

            
withUnsafeMethods() public method

public self withUnsafeMethods ( array $methods )
$methods array

Returns a new instance with the given "unsafe" methods, i.e. the HTTP methods that do not trigger a CORS-preflight request.

                /**
 * Returns a copy of the middleware with the list of "unsafe" HTTP methods replaced; the current
 * instance is not modified.
 *
 * The array is stored as given: element types and letter case are not checked or normalised here.
 * NOTE(review): an empty array presumably leaves no method subject to the header check, and method
 * names presumably have to match the request method's spelling — confirm against validateCsrfToken().
 *
 * @param array $methods HTTP methods to treat as "unsafe".
 *
 * @return self New instance carrying the method list.
 */
public function withUnsafeMethods(array $methods): self
{
    $copy = clone $this;
    $copy->unsafeMethods = $methods;

    return $copy;
}