*/
use Psr\Container\ContainerInterface;
-use Galette\Entity\PdfModel;
-use Slim\Event\SlimEventManager;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
use Slim\Views\SmartyPlugins;
$container = $app->getContainer();
)
);
+$container->set(
+ 'CsrfExclusions',
+ function (ContainerInterface $c): array {
+ return $c->get('plugins')->getCsrfExclusions();
+ }
+);
+
$container->set(
'csrf',
function (ContainerInterface $c) {
true
);
- $guard->setFailureCallable(function ($request, $response, $next) {
+ $exclusions = $c->get('CsrfExclusions');
+ $guard->setFailureCallable(function (ServerRequestInterface $request, ResponseInterface $response, $next) use ($exclusions) {
+ foreach ($exclusions as $exclusion) {
+ if (preg_match($exclusion, $request->getAttribute('route')->getname())) {
+ //route is excluded form CSRF checks
+ return $next($request, $response);
+ }
+ }
Analog::log(
'CSRF check has failed',
Analog::CRITICAL
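Review bot: In the failure callable, `$request->getAttribute('route')` is dereferenced without a null check, so a request that fails the CSRF check before a route is attached (if the middleware order allows that) would hit a fatal error instead of the `Analog::log` failure path. Guarding it as `$route = $request->getAttribute('route');` followed by `if ($route !== null && preg_match($exclusion, $route->getName()) === 1) {` avoids that, and also stops a `false` return from a malformed pattern being handled implicitly. Each exclusion is applied as an unanchored `preg_match`, so a plugin-supplied pattern that is only a name fragment would skip CSRF validation for every route whose name contains it; the patterns should be required to be anchored, and an excluded request should be logged so the bypass is auditable. The inline comment reads "excluded form CSRF checks" where "from" is meant. The enclosing `csrf` factory closure starts and ends outside this hunk.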
protected $path;
protected $modules = array();
protected $disabled = array();
+ protected $csrf_exclusions = array();
protected $id;
protected $mroot;
{
return str_replace(' ', '', $this->modules[$id]['name']);
}
+
+ /**
+ * Set CRSF excluded routes
+ *
+ * @param array $exclusions Array of regular expressions patterns to be excluded
+ *
+ * @return $this
+ */
+ public function setCsrfExclusions(array $exclusions): self
+ {
+ $this->csrf_exclusions = $exclusions;
+ return $this;
+ }
+
+ /**
+ * Get CSRF excluded routes patterns
+ *
+ * @return array
+ */
+ public function getCsrfExclusions(): array
+ {
+ return $this->csrf_exclusions;
+ }
}
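Review bot: `setCsrfExclusions()` assigns `$this->csrf_exclusions = $exclusions;`, so if more than one plugin registers exclusions through this shared object (the call sites are not visible here), the last call silently discards the earlier ones. `$this->csrf_exclusions = array_merge($this->csrf_exclusions, $exclusions);` would accumulate them instead. The setter accepts any array, yet every entry switches off CSRF validation for the route names it matches, so the docblock should state the contract, e.g. `@param string[] $exclusions Anchored PCRE patterns (with delimiters) matched against route names`. The docblock title spells "CRSF" where "CSRF" is meant. The class body starts outside this hunk.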