PHP 클래스 Cake\Controller\Component\CsrfComponent
This component adds a CSRF token to a cookie. The cookie value is compared to
request data, or the X-CSRF-Token header on each PATCH, POST,
PUT, or DELETE request.
If the request data is missing or does not match the cookie data,
a ForbiddenException will be raised.
This component integrates with the FormHelper automatically and when
used together your forms will have CSRF tokens automatically added
when
$this->Form->create(...) is used in a view.
파일 보기
프로젝트 열기: cakephp/cakephp
1 사용 예제들
보호된 프로퍼티들
| 프로퍼티 |
타입 |
설명 |
|
| $_defaultConfig |
array |
- cookieName = The name of the cookie to send.
- expiry = How long the CSRF token should last. Defaults to browser session.
- secure = Whether or not the cookie will be set with the Secure flag. Defaults to false.
- httpOnly = Whether or not the cookie will be set with the HttpOnly flag. Defaults to false.
- field = The form field to check. Changing this will also require configuring
FormHelper. |
|
공개 메소드들
보호된 메소드들
| 메소드 |
설명 |
|
|
_setCookie ( Cake\Network\Request $request, Response $response ) : void |
Set the cookie in the response. |
|
|
_validateToken ( Cake\Network\Request $request ) : void |
Validate the request data against the cookie token. |
|
메소드 상세
Also sets the request->params['_csrfToken'] so the newly minted
token is available in the request data.
|
protected _setCookie ( Cake\Network\Request $request, Response $response ) : void |
|
$request |
Cake\Network\Request |
The request object. |
|
$response |
Cake\Network\Response |
The response object. |
| 리턴 |
void |
|
Validate the request data against the cookie token.
|
protected _validateToken ( Cake\Network\Request $request ) : void |
|
$request |
Cake\Network\Request |
The request to validate against. |
| 리턴 |
void |
|
implementedEvents()
공개 메소드
Events supported by this component.
Validates the CSRF token for POST data. If
the request is a GET request, and the cookie value is absent a cookie will be set.
Once a cookie is set it will be copied into request->params['_csrfToken']
so that application and framework code can easily access the csrf token.
RequestAction requests do not get checked, nor will
they set a cookie should it be missing.
|
public startup ( Cake\Event\Event $event ) : void |
|
$event |
Cake\Event\Event |
Event instance. |
| 리턴 |
void |
|
프로퍼티 상세
$_defaultConfig 보호되어 있는 프로퍼티
- cookieName = The name of the cookie to send.
- expiry = How long the CSRF token should last. Defaults to browser session.
- secure = Whether or not the cookie will be set with the Secure flag. Defaults to false.
- httpOnly = Whether or not the cookie will be set with the HttpOnly flag. Defaults to false.
- field = The form field to check. Changing this will also require configuring
FormHelper.
|
protected array $_defaultConfig |
| 리턴 |
array |
|
