0 follower

Final Class Yiisoft\Csrf\MaskedCsrfToken

All Classes | Methods
InheritanceYiisoft\Csrf\MaskedCsrfToken
ImplementsYiisoft\Csrf\CsrfTokenInterface

Masked CSRF token applies masking to a token string. It makes BREACH attack impossible so it is safe to use it in HTML to be later passed to the next request either as a hidden form field or via JavaScript async request.

See also \Yiisoft\Security\TokenMask.

Public Methods

Hide inherited methods

Method Description Defined By
__construct() Yiisoft\Csrf\MaskedCsrfToken
getValue() Yiisoft\Csrf\MaskedCsrfToken
validate() Yiisoft\Csrf\MaskedCsrfToken

Method Details

Hide inherited methods

__construct() public method

public __construct( Yiisoft\Csrf\CsrfTokenInterface $token ): mixed
$token Yiisoft\Csrf\CsrfTokenInterface 

                public function __construct(CsrfTokenInterface $token)
{
    $this->token = $token;
}
getValue() public method

public getValue( ): string

                public function getValue(): string
{
    return TokenMask::apply(
        $this->token->getValue(),
    );
}
validate() public method

public validate( string $token ): boolean
$token string 

                public function validate(string $token): bool
{
    return $this->token->validate(
        TokenMask::remove($token),
    );
}