-
-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
get csrf once,avoid init csrfMiddleware from view injection #132
base: master
Are you sure you want to change the base?
Conversation
Returns array of csrf parameters,then merge to common parameters and metaTag parameters.
get csrftoken once
get csrf token onece ,
What problem is being solved here? Is something not working right now? |
it initial crsftokeninterface and csrfmiddleware (which initial csrftokeninterface again and other classes not necessary), it's only need to get a post parameter name and Metatag name, the same names used in csrfmiddleware, |
when the page loading it will fetch csrf token twice from session |
won't call csrfmiddleware which will inital CsrfTokenInterface again
Only need to refactor |
here public function getCsrfParameters(): array
only get $this->middleware->getParameterName(), and it's not necessary to call csrfmiddleware (call csrftokeninterface again and other useless classes,it's not right to call middleware from view), CsrfViewInjection implements CommonParametersInjectionInterface, MetaTagsInjectionInterface from the viewrender get CsrfParameters once to an array, |
Anyway you should get parameter/header name from middleware, becuase it can be not default. |
yes, if it can be config or customized, it needs a new class which read from configuration, then call the class from middleware or view injection, |
there is alsow add a csrftrait to share parmater name bettewn view injection and csrfmiddleware