class VerifyCsrfToken (View source)

Traits

Properties

protected Application $app

The application instance.

protected Encrypter $encrypter

The encrypter implementation.

protected array<int,string> $except

The URIs that should be excluded.

static protected array $neverVerify

The globally ignored URIs that should be excluded from CSRF verification.

protected bool $addHttpCookie

Indicates whether the XSRF-TOKEN cookie should be set on the response.

Methods

int
secondsUntil(DateTimeInterface|DateInterval|int $delay)

Get the number of seconds until the given DateTime.

int
availableAt(DateTimeInterface|DateInterval|int $delay = 0)

Get the "available at" UNIX timestamp.

parseDateInterval(DateTimeInterface|DateInterval|int $delay)

If the given value is an interval, convert it to a DateTime instance.

int
currentTime()

Get the current system time as a UNIX timestamp.

string
runTimeForHumans(float $startTime, float $endTime = null)

Given a start time, format the total run time for human readability.

bool
inExceptArray(Request $request)

Determine if the request has a URI that should be excluded.

array
getExcludedPaths()

Get the URIs that should be excluded.

void
__construct(Application $app, Encrypter $encrypter)

Create a new middleware instance.

mixed
handle(Request $request, Closure $next)

Handle an incoming request.

bool
isReading(Request $request)

Determine if the HTTP request uses a ‘read’ verb.

bool
runningUnitTests()

Determine if the application is running unit tests.

bool
tokensMatch(Request $request)

Determine if the session and input CSRF tokens match.

string|null
getTokenFromRequest(Request $request)

Get the CSRF token from the request.

bool
shouldAddXsrfTokenCookie()

Determine if the cookie should be added to the response.

Response
addCookieToResponse(Request $request, Response $response)

Add the CSRF token to the response cookies.

Cookie
newCookie(Request $request, array $config)

Create a new "XSRF-TOKEN" cookie that contains the CSRF token.

static void
except(array|string $uris)

Indicate that the given URIs should be excluded from CSRF verification.

static bool
serialized()

Determine if the cookie contents should be serialized.

static void
flushState()

Flush the state of the middleware.

Details

protected int secondsUntil(DateTimeInterface|DateInterval|int $delay)

Get the number of seconds until the given DateTime.

Parameters

DateTimeInterface|DateInterval|int $delay

Return Value

int

protected int availableAt(DateTimeInterface|DateInterval|int $delay = 0)

Get the "available at" UNIX timestamp.

Parameters

DateTimeInterface|DateInterval|int $delay

Return Value

int

protected DateTimeInterface|int parseDateInterval(DateTimeInterface|DateInterval|int $delay)

If the given value is an interval, convert it to a DateTime instance.

Parameters

DateTimeInterface|DateInterval|int $delay

Return Value

DateTimeInterface|int

protected int currentTime()

Get the current system time as a UNIX timestamp.

Return Value

int

protected string runTimeForHumans(float $startTime, float $endTime = null)

Given a start time, format the total run time for human readability.

Parameters

float $startTime
float $endTime

Return Value

string

protected bool inExceptArray(Request $request)

Determine if the request has a URI that should be excluded.

Parameters

Request $request

Return Value

bool

array getExcludedPaths()

Get the URIs that should be excluded.

Return Value

array

void __construct(Application $app, Encrypter $encrypter)

Create a new middleware instance.

Parameters

Application $app
Encrypter $encrypter

Return Value

void

mixed handle(Request $request, Closure $next)

Handle an incoming request.

Parameters

Request $request
Closure $next

Return Value

mixed

Exceptions

TokenMismatchException

protected bool isReading(Request $request)

Determine if the HTTP request uses a ‘read’ verb.

Parameters

Request $request

Return Value

bool

protected bool runningUnitTests()

Determine if the application is running unit tests.

Return Value

bool

protected bool tokensMatch(Request $request)

Determine if the session and input CSRF tokens match.

Parameters

Request $request

Return Value

bool

protected string|null getTokenFromRequest(Request $request)

Get the CSRF token from the request.

Parameters

Request $request

Return Value

string|null

bool shouldAddXsrfTokenCookie()

Determine if the cookie should be added to the response.

Return Value

bool

protected Response addCookieToResponse(Request $request, Response $response)

Add the CSRF token to the response cookies.

Parameters

Request $request
Response $response

Return Value

Response

protected Cookie newCookie(Request $request, array $config)

Create a new "XSRF-TOKEN" cookie that contains the CSRF token.

Parameters

Request $request
array $config

Return Value

Cookie

static void except(array|string $uris)

Indicate that the given URIs should be excluded from CSRF verification.

Parameters

array|string $uris

Return Value

void

static bool serialized()

Determine if the cookie contents should be serialized.

Return Value

bool

static void flushState()

Flush the state of the middleware.

Return Value

void