<?php

namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Security\Exceptions\SecurityException;
use Config\Services;

/**
 * Request filter that runs the security service's CSRF verification
 * before the rest of the request is processed.
 */
class CSRF implements FilterInterface
{
    /**
     * Verify the CSRF token carried by the incoming request.
     *
     * Returning nothing lets normal execution continue. Returning a
     * Response ends script execution and sends that Response to the
     * client (used here for the redirect on failure).
     *
     * @param RequestInterface|\CodeIgniter\HTTP\IncomingRequest $request
     *
     * @return mixed Nothing on success or for CLI requests; a redirect
     *               response when verification fails, redirecting is
     *               enabled and the request is not AJAX.
     *
     * @throws SecurityException When verification fails and no redirect
     *                           is issued.
     */
    public function before(RequestInterface $request)
    {
        // Command-line requests are exempt: verification is skipped entirely.
        if ($request->isCLI()) {
            return;
        }

        $csrfGuard = Services::security();

        try {
            $csrfGuard->CSRFVerify($request);
        } catch (SecurityException $failure) {
            // Both paths below refuse the request; the AJAX test only picks
            // how the refusal is reported.
            // NOTE(review): isAJAX() presumably relies on a client-supplied
            // header, so it must not be treated as a trust signal - confirm.
            if (! config('App')->CSRFRedirect || $request->isAJAX()) {
                throw $failure;
            }

            // Send the user back with the exception message stored under the
            // 'error' key; views that print it should escape it like any
            // other output.
            return redirect()->back()->with('error', $failure->getMessage());
        }
    }

    /**
     * Post-controller hook; this filter does nothing after the response
     * has been produced.
     *
     * @param RequestInterface|\CodeIgniter\HTTP\IncomingRequest $request
     * @param ResponseInterface|\CodeIgniter\HTTP\Response       $response
     *
     * @return mixed
     */
    public function after(RequestInterface $request, ResponseInterface $response)
    {
        // Intentionally empty.
    }
}