\Framework\MiddlewareCsrfProtectionMiddleware

Summary

Public methods: __construct(), handle()
Public properties: none
Constants: none
Protected methods: none
Protected properties: none
Private methods: isAjaxRequest(), matchPath()
Private properties: $tokenManager, $tokenName, $except, $errorMessage, $removeAfterValidation

Properties

$tokenManager

$tokenManager : \Framework\Security\CsrfTokenManager

Type

CsrfTokenManager

$tokenName

$tokenName : string

Name of the CSRF token parameter. Form submissions: the _token field. SPA/AJAX requests: the X-CSRF-TOKEN / X-XSRF-TOKEN header.

Type

string

$except

$except : array

Paths that are exempt from CSRF validation (wildcards supported).

Type

array

$errorMessage

$errorMessage : string

Error message returned when validation fails.

Type

string

$removeAfterValidation

$removeAfterValidation : bool

❗❗❗ Important note ❗❗❗

In SPA / AJAX scenarios:

  • The CSRF token must be a stable, session-level value
  • A "remove after use" strategy must not be used

removeAfterValidation is only appropriate for:

  • Non-SPA applications
  • Single-request, strictly sequential flows

For that reason the default here is forced to false.

Type

bool

Methods

__construct()

__construct(\Framework\Security\CsrfTokenManager $tokenManager, string $tokenName = '_token', array $except = [], string $errorMessage = 'Invalid CSRF token.', bool $removeAfterValidation = false) : mixed

Parameters

\Framework\Security\CsrfTokenManager $tokenManager
string $tokenName
array $except
string $errorMessage
bool $removeAfterValidation

Returns

mixed

handle()

handle(\Symfony\Component\HttpFoundation\Request $request, callable $next) : \Symfony\Component\HttpFoundation\Response

Parameters

\Symfony\Component\HttpFoundation\Request $request
callable $next

Returns

\Symfony\Component\HttpFoundation\Response
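As an added illustration that is not the project's own code, the following shows one way handle() could enforce the contract documented on this page: the token is read from the _token field or the X-CSRF-TOKEN / X-XSRF-TOKEN header, paths in $except are matched with wildcards, and the token is never discarded for SPA/AJAX clients. The CsrfTokenManager methods isTokenValid() and removeToken(), the pass-through of safe HTTP methods and the use of fnmatch() for wildcard matching are assumptions, since the page does not describe them.

```php
<?php
// Added example, not the project's code. isTokenValid()/removeToken() are ASSUMED names.
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

final class CsrfProtectionMiddlewareExample
{
    public function __construct(
        private object $tokenManager,   // assumed: isTokenValid(string): bool, removeToken(): void
        private string $tokenName = '_token',
        private array $except = [],
        private string $errorMessage = 'Invalid CSRF token.',
        private bool $removeAfterValidation = false,
    ) {}

    public function handle(Request $request, callable $next): Response
    {
        // Assumption: only state-changing methods are checked; safe methods pass through.
        if (in_array($request->getMethod(), ['GET', 'HEAD', 'OPTIONS'], true)) {
            return $next($request);
        }
        foreach ($this->except as $pattern) {      // documented: exempt paths skip the check
            if ($this->matchPath($request->getPathInfo(), $pattern)) {
                return $next($request);
            }
        }
        // Documented token sources: the _token form field, or the X-CSRF-TOKEN / X-XSRF-TOKEN header.
        $token = $request->request->get($this->tokenName)
            ?? $request->headers->get('X-CSRF-TOKEN')
            ?? $request->headers->get('X-XSRF-TOKEN');
        if (!is_string($token) || !$this->tokenManager->isTokenValid($token)) {
            return new Response($this->errorMessage, Response::HTTP_FORBIDDEN);
        }
        // Per the docblock: never discard the token for SPA/AJAX clients, whose concurrent
        // requests would race on a token that was just invalidated.
        if ($this->removeAfterValidation && !$this->isAjaxRequest($request)) {
            $this->tokenManager->removeToken();
        }
        return $next($request);
    }

    private function isAjaxRequest(Request $request): bool
    {
        return $request->isXmlHttpRequest() || $request->headers->has('X-CSRF-TOKEN')
            || $request->headers->has('X-XSRF-TOKEN');
    }

    private function matchPath(string $path, string $pattern): bool
    {
        return fnmatch($pattern, $path);   // wildcard patterns, e.g. '/api/webhooks/*'
    }
}
```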

isAjaxRequest()

isAjaxRequest(\Symfony\Component\HttpFoundation\Request $request) : bool

Determines whether the request is an AJAX / SPA request.

Parameters

\Symfony\Component\HttpFoundation\Request $request

Returns

bool

matchPath()

matchPath(string $path, string $pattern) : bool

Parameters

string $path
string $pattern

Returns

bool