Fixes CSRF not set on first request

Schlaefer · Mar 15, 2020 · 1553bba · 1553bba
1 parent 7ca853d
commit 1553bba
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/View/Helper/JsDataHelper.php b/src/View/Helper/JsDataHelper.php
@@ -108,8 +108,9 @@ protected function _getCsrf(View $View)
     {
         $key = Configure::read('Session.cookie') . '-CSRF';
         $token = $View->getRequest()->getCookie($key);
-        if (is_array($token)) {
-            // @bogus In which situation is that not a string or null?
+        if ($token === null) {
+            // First request without CSRF cookie set yet. CSRF set as new cookie
+            // in this request.
             $token = $View->getResponse()->getCookie($key)['value'];
         }
         $header = 'X-CSRF-Token';