PreventRequestForgery
class PreventRequestForgery
Traits
Properties
| Type | Property | Description |
| --- | --- | --- |
| protected Application | $app | The application instance. |
| protected Encrypter | $encrypter | The encrypter implementation. |
| protected array<int,string> | $except | The URIs that should be excluded. |
| static protected array | $neverVerify | The globally ignored URIs that should be excluded from CSRF verification. |
| protected bool | $addHttpCookie | Indicates whether the XSRF-TOKEN cookie should be set on the response. |
| static protected bool | $allowSameSite | Indicates whether requests from the same site should be allowed. |
| static protected bool | $originOnly | Indicates whether only origin verification should be used. |
Methods
Get the URIs that should be excluded.
Get the number of seconds until the given DateTime.
If the given value is an interval, convert it to a DateTime instance.
Given a start time, format the total run time for human readability.
Determine if the application is running unit tests.
Determine if the request has a valid origin based on the Sec-Fetch-Site header.
Determine if the cookie should be added to the response.
Add the CSRF token to the response cookies.
Indicate that the given URIs should be excluded from CSRF verification.
Indicate that requests from the same site should be allowed.
Indicate that only origin verification should be used.
Determine if the cookie contents should be serialized.
Flush the state of the middleware.
Details
protected bool
inExceptArray(Request $request)
Determine if the request has a URI that should be excluded.
array
getExcludedPaths()
Get the URIs that should be excluded.
protected int
secondsUntil(DateTimeInterface|DateInterval|int $delay)
Get the number of seconds until the given DateTime.
protected int
availableAt(DateTimeInterface|DateInterval|int $delay = 0)
Get the "available at" UNIX timestamp.
protected DateTimeInterface|int
parseDateInterval(DateTimeInterface|DateInterval|int $delay)
If the given value is an interval, convert it to a DateTime instance.
protected int
currentTime()
Get the current system time as a UNIX timestamp.
protected string
runTimeForHumans(float $startTime, float|null $endTime = null)
Given a start time, format the total run time for human readability.
__construct(Application $app, Encrypter $encrypter)
Create a new middleware instance.
protected bool
isReading(Request $request)
Determine if the HTTP request uses a ‘read’ verb.
protected bool
runningUnitTests()
Determine if the application is running unit tests.
protected bool
hasValidOrigin(Request $request)
Determine if the request has a valid origin based on the Sec-Fetch-Site header.
protected bool
tokensMatch(Request $request)
Determine if the session and input CSRF tokens match.
protected string|null
getTokenFromRequest(Request $request)
Get the CSRF token from the request.
bool
shouldAddXsrfTokenCookie()
Determine if the cookie should be added to the response.
protected Response
addCookieToResponse(Request $request, Response $response)
Add the CSRF token to the response cookies.
protected Cookie
newCookie(Request $request, array $config)
Create a new "XSRF-TOKEN" cookie that contains the CSRF token.
static void
except(array|string $uris)
Indicate that the given URIs should be excluded from CSRF verification.
static void
allowSameSite(bool $allow = true)
Indicate that requests from the same site should be allowed.
static void
useOriginOnly(bool $originOnly = true)
Indicate that only origin verification should be used.
static bool
serialized()
Determine if the cookie contents should be serialized.
static void
flushState()
Flush the state of the middleware.