Mezzio-csrf not working

mh_sam · September 24, 2021, 12:43pm

hi everyone

this is my code to use mezzio-csrf :

//myHandler.php
public function handle(ServerRequestInterface $request) : ResponseInterface {

    $guard = $request->getAttribute(CsrfMiddleware::GUARD_ATTRIBUTE);

    if ($request->getMethod() === 'POST') {
        $data = $request->getBody()->getContents();
        $dataArray = json_decode($data, true);
            
        $token = $dataArray['data']['csrf'] ?? '';
        if (!$guard->validateToken($token, 'test')) {
                return new EmptyResponse(412);
        }
    }

    $csrfToken = $guard->generateToken('test');
    // Create and return a response
    return new JsonResponse(['_csrf'=>$csrfToken]);        
}

//config/pipeline.php
    /*** ***/
    
    $app->pipe(SessionMiddleware::class);
    $app->pipe(CsrfMiddleware::class);
    
    /*** ***/

but, not working

i also checked the session:

$session = $request->getAttribute(SessionMiddleware::SESSION_ATTRIBUTE);

var_dump($session->has('test'));

return false

why???

Topic		Replies	Views
Timeout options for mezzio-csrf Mezzio mezzio-csrf	6	347	June 10, 2022
CSRF and expired session Mezzio expressive , session	4	841	November 12, 2019
Use of laminas-authorization in a Mezzio application Mezzio	0	319	June 18, 2021
Laminas,Mezzio security Mezzio	1	242	July 12, 2023
Unit testing with session Mezzio expressive , session , phpunit	5	3320	September 21, 2018

Mezzio-csrf not working

Related topics