Compare commits
No commits in common. "845f1fe2627b66787ca0a0993aa7b25b5c95d9e9" and "84df9480124480c544d68251d5bd19fbc7f1e54e" have entirely different histories.
845f1fe262
...
84df948012
@ -35,7 +35,7 @@ if ($match !== null) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($method === 'post' && !in_array($url, $antiCsrfTokenExceptions) && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) {
|
if ($method === 'post' && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) {
|
||||||
$content = new SokoWeb\Response\JsonContent(['error' => 'no_valid_anti_csrf_token']);
|
$content = new SokoWeb\Response\JsonContent(['error' => 'no_valid_anti_csrf_token']);
|
||||||
header('Content-Type: text/html; charset=UTF-8', true, 403);
|
header('Content-Type: text/html; charset=UTF-8', true, 403);
|
||||||
$content->render();
|
$content->render();
|
||||||
|
3
web.php
3
web.php
@ -78,6 +78,3 @@ Container::$request = new SokoWeb\Request\Request(
|
|||||||
if (!Container::$request->session()->has('anti_csrf_token')) {
|
if (!Container::$request->session()->has('anti_csrf_token')) {
|
||||||
Container::$request->session()->set('anti_csrf_token', bin2hex(random_bytes(16)));
|
Container::$request->session()->set('anti_csrf_token', bin2hex(random_bytes(16)));
|
||||||
}
|
}
|
||||||
|
|
||||||
//TODO: make a nicer logic
|
|
||||||
$antiCsrfTokenExceptions = ['oauth/token'];
|
|
||||||
|
Loading…
Reference in New Issue
Block a user