Provides CSRF protection & validation.
This component adds a CSRF token to a cookie. The cookie value is compared to request data, or the X-CSRF-Token header on each PATCH, POST, PUT, or DELETE request.
If the request data is missing or does not match the cookie data, an InvalidCsrfTokenException will be raised.
This component integrates with the FormHelper automatically and when used together your forms will have CSRF tokens automatically added when $this->Form->create(...)
is used in a view.
_setCookie( Cake\Network\Request $request , Cake\Network\Response $response )
Set the cookie in the response.
Also sets the request->params['_csrfToken'] so the newly minted token is available in the request data.
Cake\Network\Request
$request
Cake\Network\Response
$response
_validateToken( Cake\Network\Request $request )
Validate the request data against the cookie token.
Cake\Network\Request
$request
Cake\Network\Exception\InvalidCsrfTokenException
implementedEvents( )
Events supported by this component.
array
Cake\Controller\Component::implementedEvents()
startup( Cake\Event\Event $event )
Startup callback.
Validates the CSRF token for POST data. If the request is a GET request, and the cookie value is absent a cookie will be set.
Once a cookie is set it will be copied into request->params['_csrfToken'] so that application and framework code can easily access the csrf token.
RequestAction requests do not get checked, nor will they set a cookie should it be missing.
Cake\Event\Event
$event
__construct( Cake\Controller\ComponentRegistry $registry , array $config [] )
Constructor
Cake\Controller\ComponentRegistry
$registry
$config
optional [] __debugInfo( )
Returns an array that can be used to describe the internal state of this object.
array
__get( string $name )
Magic method for lazy loading $components.
$name
mixed
initialize( array $config )
Constructor hook method.
Implement this method to avoid having to overwrite the constructor and call parent.
$config
_configDelete( string $key )
Delete a single config key
$key
Cake\Core\Exception\Exception
_configRead( string|null $key )
Read a config variable
$key
mixed
_configWrite( string|array $key , mixed $value , boolean|string $merge false )
Write a config variable
$key
$value
$merge
optional false Cake\Core\Exception\Exception
config( string|array|null $key null , mixed|null $value null , boolean $merge true )
Reading the whole config:
$this->config();
Reading a specific value:
$this->config('key');
Reading a nested value:
$this->config('some.nested.key');
Setting a specific value:
$this->config('key', $value);
Setting a nested value:
$this->config('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->config(['one' => 'value', 'another' => 'value']);
$key
optional null $value
optional null $merge
optional true mixed
Cake\Core\Exception\Exception
configShallow( string|array $key , mixed|null $value null )
Merge provided config with existing config. Unlike config()
which does a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->config('key', $value);
Setting a nested value:
$this->config('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->config(['one' => 'value', 'another' => 'value']);
$key
$value
optional null mixed
log( mixed $msg , integer|string $level LogLevel::ERROR , string|array $context [] )
Convenience method to write a message to Log. See Log::write() for more information on writing to logs.
$msg
$level
optional LogLevel::ERROR $context
optional [] boolean
protected array
A component lookup table used to lazy load component objects.
[]
protected Cake\Controller\ComponentRegistry
Component registry class used to lazy load components.
protected boolean
Whether the config property has already been configured with defaults
false
© 2005–2016 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
http://api.cakephp.org/3.1/class-Cake.Controller.Component.CsrfComponent.html