hi everyone
this is my code to use mezzio-csrf :
//myHandler.php
public function handle(ServerRequestInterface $request) : ResponseInterface {
$guard = $request->getAttribute(CsrfMiddleware::GUARD_ATTRIBUTE);
if ($request->getMethod() === 'POST') {
$data = $request->getBody()->getContents();
$dataArray = json_decode($data, true);
$token = $dataArray['data']['csrf'] ?? '';
if (!$guard->validateToken($token, 'test')) {
return new EmptyResponse(412);
}
}
$csrfToken = $guard->generateToken('test');
// Create and return a response
return new JsonResponse(['_csrf'=>$csrfToken]);
}
//config/pipeline.php
/*** ***/
$app->pipe(SessionMiddleware::class);
$app->pipe(CsrfMiddleware::class);
/*** ***/
but, not working
i also checked the session:
$session = $request->getAttribute(SessionMiddleware::SESSION_ATTRIBUTE);
var_dump($session->has('test'));
return false
why???