Class

eZ\Bundle\EzPublishRestBundle\EventListener\CsrfListener

class CsrfListener implements EventSubscriberInterface

Constants

CSRF_TOKEN_HEADER

Name of the HTTP header containing CSRF token.

Methods

__construct(EventDispatcherInterface $eventDispatcher, bool $csrfEnabled, string $csrfTokenIntention, CsrfTokenManagerInterface $csrfTokenManager = null)

Note that CSRF provider needs to be optional as it will not be available when CSRF protection is disabled.

static array getSubscribedEvents()

onKernelRequest(GetResponseEvent $event)

This method validates CSRF token if CSRF protection is enabled.

Details

at line 57
public __construct(EventDispatcherInterface $eventDispatcher, bool $csrfEnabled, string $csrfTokenIntention, CsrfTokenManagerInterface $csrfTokenManager = null)

Note that CSRF provider needs to be optional as it will not be available when CSRF protection is disabled.

Parameters

EventDispatcherInterface $eventDispatcher
bool $csrfEnabled
string $csrfTokenIntention
CsrfTokenManagerInterface $csrfTokenManager

at line 72
static public array getSubscribedEvents()

Return Value

array

at line 86
public onKernelRequest(GetResponseEvent $event)

This method validates CSRF token if CSRF protection is enabled.

Parameters

GetResponseEvent $event

Exceptions

UnauthorizedException