
Form: added allowCrossOrigin(), replaces disableSameSiteProtection()

dg committed Nov 26, 2019
1 parent a7f5683 commit c2f54052ba60493f77658803c4f3352f1cc6a105
Showing with 10 additions and 3 deletions.
  1. +10 −3 src/Application/UI/Form.php
@@ -21,7 +21,7 @@ class Form extends Nette\Forms\Form implements ISignalReceiver
public $onAnchor;
/** @var bool */
private $sameSiteProtection = true;
private $crossOrigin = false;
/**
@@ -103,9 +103,16 @@ public function isAnchored(): bool
/**
* Disables CSRF protection using a SameSite cookie.
*/
public function allowCrossOrigin(): void
{
$this->crossOrigin = true;
}
/** @deprecated use allowCrossOrigin() */
public function disableSameSiteProtection(): void
{
$this->sameSiteProtection = false;
$this->crossOrigin = true;
}
@@ -155,7 +162,7 @@ public function signalReceived(string $signal): void
$class = get_class($this);
throw new BadSignalException("Missing handler for signal '$signal' in $class.");
} elseif ($this->sameSiteProtection && !$this->getPresenter()->getHttpRequest()->isSameSite()) {
} elseif (!$this->crossOrigin && !$this->getPresenter()->getHttpRequest()->isSameSite()) {
$this->getPresenter()->detectedCsrf();
} elseif (!$this->getPresenter()->getRequest()->hasFlag(Nette\Application\Request::RESTORED)) {
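Review bot: The docblock on `allowCrossOrigin()` does not state what the flag costs. Once `$crossOrigin` is true, the `isSameSite()` branch in `signalReceived()` is skipped and `detectedCsrf()` is never reached for that form, so a cross-site submission is handled like any other. I would extend the comment to something like `Allows submission from other origins; this skips the SameSite-cookie CSRF check, so use addProtection() or another token check on forms that change state.` Separately, the deprecated `disableSameSiteProtection()` gives callers no runtime signal; adding `trigger_error(__METHOD__ . '() is deprecated, use allowCrossOrigin().', E_USER_DEPRECATED);` would surface the rename. The body of `signalReceived()` starts and ends outside the visible hunk.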
