[news] CSRF 1.2.0

Minor verison of CSRF package was tagged adding ability to specify your own failure handler:
use Psr\Http\Message\ResponseFactoryInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\RequestHandlerInterface; use Yiisoft\Csrf\CsrfMiddleware;

/**
* @var Psr\Http\Message\ResponseFactoryInterface $responseFactory
* @var Yiisoft\Csrf\CsrfTokenInterface $csrfToken
*/

$failureHandler = new class ($responseFactory) implements RequestHandlerInterface {
private ResponseFactoryInterface $responseFactory;

public function __construct(ResponseFactoryInterface $responseFactory)
{
$this->responseFactory = $responseFactory;
}

public function handle(ServerRequestInterface $request): ResponseInterface
{
$response = $this->responseFactory->createResponse(400);
$response->getBody()->write('Bad request.');
return $response;
}
};

$middleware = new CsrfMiddleware($responseFactory, $csrfToken, $failureHandler);

Login or register to post comments
Feed: Live News for Yii Framework
Original article

AddToAny

[news] CSRF 1.2.0