Public Member Functions | |
| process_request (&$request) | |
| process_response ($request, $response) | |
Static Public Member Functions | |
| static | makeToken ($session_key) |
This class provides a middleware that implements protection against request forgeries from other sites. This middleware must be before the Pluf_Middleware_Session middleware.
Based on concepts from the Django CSRF middleware.
| static Pluf_Middleware_Csrf::makeToken | ( | $ | session_key | ) | [static] |
| Pluf_Middleware_Csrf::process_request | ( | &$ | request | ) |
Process the request.
When processing the request, if a POST request with a session, we will check that the token is available and valid.
| Pluf_HTTP_Request | The request |
| Pluf_Middleware_Csrf::process_response | ( | $ | request, | |
| $ | response | |||
| ) |
Process the response of a view.
If we find a POST form, add the token to it.
| Pluf_HTTP_Request | The request | |
| Pluf_HTTP_Response | The response |