SecurityController
Security Controller Trait Adds cross-site scripting protection methods to a controller based class
Tags
Table of Contents
- makeXsrfCookie() : Cookie
- Adds anti-CSRF cookie.
- verifyCsrfToken() : bool
- Checks the request data / headers for a valid CSRF token.
- verifyForceSecure() : bool
- Checks if the back-end should force a secure protocol (HTTPS) enabled by config.
Methods
makeXsrfCookie()
Adds anti-CSRF cookie.
protected
makeXsrfCookie() : Cookie
Adds a cookie with a token for CSRF checks to the response.
Return values
Cookie —verifyCsrfToken()
Checks the request data / headers for a valid CSRF token.
protected
verifyCsrfToken() : bool
Returns false if a valid token is not found. Override this method to disable the check.
Return values
bool —verifyForceSecure()
Checks if the back-end should force a secure protocol (HTTPS) enabled by config.
protected
verifyForceSecure() : bool