Permalink
Browse files

Merge remote-tracking branch 'github/4.5' into 4.5

  • Loading branch information...
Ben-Ho committed Nov 6, 2017
2 parents 4365175 + d57df5c commit 190f3e18d46a9f17abac8dd4e1804953087f7bdf
Showing with 22 additions and 0 deletions.
  1. +17 −0 KwfBundle/EventListener/CsrfProtection.php
  2. +5 −0 KwfBundle/Resources/config/services.yml
@@ -0,0 +1,17 @@
<?php
namespace KwfBundle\EventListener;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
class CsrfProtection
{
public function onKernelRequest(GetResponseEvent $event)
{
$request = $event->getRequest();
if ($request->headers->get('X-Requested-With') !== 'XMLHttpRequest') {
throw new AccessDeniedHttpException('Missing X-Requested-With header');
}
}
}
@@ -55,3 +55,8 @@ services:
class: KwfBundle\EventListener\ModelObserverProcess
tags:
- { name: kernel.event_listener, event: kernel.terminate }
kwf.crsfprotection_listener:
class: KwfBundle\EventListener\CsrfProtection
tags:
- { name: kernel.event_listener, event: kernel.request, priority: 12 }

0 comments on commit 190f3e1

Please sign in to comment.