
Presenter: signal must be sent from the same origin unless they have …

…annotation @crossorigin (BC break)

Experimental
dg committed Sep 4, 2018
1 parent bf27ffc commit 8a654f3276cc5d71b351db4a0795b3a3ad6783a7
Showing with 9 additions and 0 deletions.
  1. +8 −0 src/Application/UI/Component.php
  2. +1 −0 src/Application/UI/Presenter.php
@@ -104,6 +104,14 @@ protected function tryCall(string $method, array $params): bool
*/
public function checkRequirements($element): void
{
if (
$element instanceof \ReflectionMethod
&& substr($element->getName(), 0, 6) === 'handle'
&& !ComponentReflection::parseAnnotation($element, 'crossOrigin')
&& !$this->getPresenter()->getHttpRequest()->isSameSite()
) {
throw new Nette\Application\ForbiddenRequestException('The signal was not sent from the same domain. It can be allowed using @crossOrigin annotation.');
}
}
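Review bot: The prefix test `substr($element->getName(), 0, 6) === 'handle'` is case-sensitive, while PHP resolves method names case-insensitively and `ReflectionMethod::getName()` returns the name as declared, so a handler declared with different casing (say `HandleDelete()`) would presumably still be dispatched as a signal but skip the same-site check. Consider `strncasecmp($element->getName(), 'handle', 6) === 0` for the prefix condition. The exception text says "same domain" although the condition is `isSameSite()`, and the commit title spells the annotation `@crossorigin` while the code looks up `crossOrigin`; aligning these would help anyone diagnosing an unexpected 403. The docblock of this method starts outside the hunk, and it should gain a `@throws Nette\Application\ForbiddenRequestException` line.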
@@ -298,6 +298,7 @@ protected function shutdown(Application\IResponse $response)
*/
public function checkRequirements($element): void
{
parent::checkRequirements($element);
$user = (array) ComponentReflection::parseAnnotation($element, 'User');
if (in_array('loggedIn', $user, true)) {
trigger_error(__METHOD__ . '() annotation @User is deprecated', E_USER_DEPRECATED);
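Review bot: The same-site check reaches presenters only through the added `parent::checkRequirements($element);` call, so any application presenter or component that overrides `checkRequirements()` without calling the parent silently loses it. The docblock above (it starts outside the hunk) should say so, for example `Overriding methods must call parent::checkRequirements() to keep the same-site check for signals.` The function body continues past the end of the hunk.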
