protected function _validateToken(Request $request)
{
$cookie = $request->cookie($this->_config['cookieName']);
$post = $request->data($this->_config['field']);
$header = $request->header('X-CSRF-Token');
if (!$cookie) {
throw new InvalidCsrfTokenException(__d('cake', 'Missing CSRF token cookie'));
}
if ($post !== $cookie && $header !== $cookie) {
throw new InvalidCsrfTokenException(__d('cake', 'CSRF token mismatch.'));
}
}