Warn if CsrfComponent is used together with CsrfProtectionMiddleware

cakephp · Sep 16, 2018 · 8d44d24 · 8d44d24
1 parent bb9b3db
commit 8d44d24
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/Controller/Component/CsrfComponent.php b/src/Controller/Component/CsrfComponent.php
@@ -61,6 +61,19 @@ class CsrfComponent extends Component
         'field' => '_csrfToken',
     ];
 
+    /**
+     * Warn if CsrfComponent is used together with CsrfProtectionMiddleware
+     *
+     * @param array $config The config data.
+     * @return void
+     */
+    public function initialize(array $config)
+    {
+        if ($this->getController()->request->getParam('_csrfToken') !== false) {
+            triggerWarning('CSRF token already defined. Disable CsrfComponent if you use CsrfProtectionMiddleware.');
+        }
+    }
+
     /**
      * Startup callback.
      *