public function getCsrfTokenFromHeader() { $key = 'HTTP_' . str_replace('-', '_', strtoupper(static::CSRF_HEADER)); return isset($_SERVER[$key]) ? $_SERVER[$key] : null; }