PHP Класс Cake\Controller\Component\CsrfComponent
This component adds a CSRF token to a cookie. The cookie value is compared to
request data, or the X-CSRF-Token header on each PATCH, POST,
PUT, or DELETE request.
If the request data is missing or does not match the cookie data,
a ForbiddenException will be raised.
This component integrates with the FormHelper automatically and when
used together your forms will have CSRF tokens automatically added
when
$this->Form->create(...) is used in a view.
Показать файл
Открыть проект
Примеры использования класса
Защищенные свойства (Protected)
| Свойство |
Тип |
Описание |
|
| $_defaultConfig |
array |
- cookieName = The name of the cookie to send.
- expiry = How long the CSRF token should last. Defaults to browser session.
- secure = Whether or not the cookie will be set with the Secure flag. Defaults to false.
- httpOnly = Whether or not the cookie will be set with the HttpOnly flag. Defaults to false.
- field = The form field to check. Changing this will also require configuring
FormHelper. |
|
Открытые методы
Защищенные методы
| Метод |
Описание |
|
|
_setCookie ( Cake\Network\Request $request, Response $response ) : void |
Set the cookie in the response. |
|
|
_validateToken ( Cake\Network\Request $request ) : void |
Validate the request data against the cookie token. |
|
Описание методов
_setCookie()
защищенный метод
Also sets the request->params['_csrfToken'] so the newly minted
token is available in the request data.
|
protected _setCookie ( Cake\Network\Request $request, Response $response ) : void |
|
$request |
Cake\Network\Request |
The request object. |
|
$response |
Cake\Network\Response |
The response object. |
| Результат |
void |
|
_validateToken()
защищенный метод
Validate the request data against the cookie token.
|
protected _validateToken ( Cake\Network\Request $request ) : void |
|
$request |
Cake\Network\Request |
The request to validate against. |
| Результат |
void |
|
implementedEvents()
публичный метод
Events supported by this component.
startup()
публичный метод
Validates the CSRF token for POST data. If
the request is a GET request, and the cookie value is absent a cookie will be set.
Once a cookie is set it will be copied into request->params['_csrfToken']
so that application and framework code can easily access the csrf token.
RequestAction requests do not get checked, nor will
they set a cookie should it be missing.
|
public startup ( Cake\Event\Event $event ) : void |
|
$event |
Cake\Event\Event |
Event instance. |
| Результат |
void |
|
Описание свойств
$_defaultConfig защищенное свойство
- cookieName = The name of the cookie to send.
- expiry = How long the CSRF token should last. Defaults to browser session.
- secure = Whether or not the cookie will be set with the Secure flag. Defaults to false.
- httpOnly = Whether or not the cookie will be set with the HttpOnly flag. Defaults to false.
- field = The form field to check. Changing this will also require configuring
FormHelper.
|
protected array $_defaultConfig |
| Результат |
array |
|
