CsrfFilter
extends Filter
in package
Framework-level CSRF protection filter.
Validates CSRF tokens on state-changing requests (POST, PUT, DELETE, PATCH)
to prevent Cross-Site Request Forgery. Register as the 'csrf' route filter
and apply via filters: ['csrf'] on unsafe-method routes.
Table of Contents
Properties
- $_csrfToken : CsrfToken
- $_exemptMethods : array<int, string>
Methods
- __construct() : mixed
- post() : mixed|null
- pre() : mixed|null
- validateCsrfToken() : void
- Validate the request's CSRF token.
- getTokenFromRequest() : string|null
- Extract the CSRF token from the POST body or X-CSRF-Token header.
Properties
$_csrfToken
private
CsrfToken
$_csrfToken
$_exemptMethods
private
array<int, string>
$_exemptMethods
= ['GET', 'HEAD', 'OPTIONS']
Methods
__construct()
public
__construct(CsrfToken $csrfToken) : mixed
Parameters
- $csrfToken : CsrfToken
post()
public
post(RouteMap $route) : mixed|null
Parameters
- $route : RouteMap
Return values
mixed|nullpre()
public
pre(RouteMap $route) : mixed|null
Parameters
- $route : RouteMap
Return values
mixed|nullvalidateCsrfToken()
Validate the request's CSRF token.
protected
validateCsrfToken(RouteMap $route) : void
Parameters
- $route : RouteMap
Tags
getTokenFromRequest()
Extract the CSRF token from the POST body or X-CSRF-Token header.
private
getTokenFromRequest() : string|null