protected function validateRequest(Request $request)
{
// is the Request safe?
if (!$request->isMethodSafe(false)) {
throw new AccessDeniedHttpException();
}
// is the Request signed?
// we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
if ($this->signer->check($request->getSchemeAndHttpHost() . $request->getBaseUrl() . $request->getPathInfo() . (null !== ($qs = $request->server->get('QUERY_STRING')) ? '?' . $qs : ''))) {
return;
}
throw new AccessDeniedHttpException();
}