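/**
 * Enforces CSRF token validation on REST requests.
 *
 * Validation is skipped when the request is not flagged as a REST request,
 * when CSRF protection is disabled, when no session is available or started,
 * when the HTTP method is considered safe, or when the matched route is a
 * session route. On success, RestEvents::REST_CSRF_TOKEN_VALIDATED is dispatched.
 *
 * @param GetResponseEvent $event
 *
 * @throws UnauthorizedException If the CSRF token is missing or invalid.
 */
public function onKernelRequest(GetResponseEvent $event)
{
    $request = $event->getRequest();

    if (!$request->attributes->get('is_rest_request')) {
        return;
    }

    if (!$this->csrfEnabled) {
        return;
    }

    // Skip CSRF validation if no session is running. getSession() may return
    // null when no session has been attached to the request, so guard against
    // that before calling isStarted().
    // NOTE(review): this exemption assumes the session cookie is the only
    // credential a browser attaches automatically; confirm that no other
    // ambient authentication (e.g. HTTP Basic) is accepted on REST routes.
    $session = $request->getSession();
    if ($session === null || !$session->isStarted()) {
        return;
    }

    if ($this->isMethodSafe($request->getMethod())) {
        return;
    }

    // Read the route name from the request attributes only. Request::get()
    // falls back to query and body parameters when the attribute is absent,
    // which would let client-supplied input decide whether this request is
    // exempt from CSRF validation.
    if ($this->isSessionRoute($request->attributes->get('_route'))) {
        return;
    }

    if (!$this->checkCsrfToken($request)) {
        throw new UnauthorizedException(
            'Missing or invalid CSRF token',
            $request->getMethod() . ' ' . $request->getPathInfo()
        );
    }

    // Dispatching event so that CSRF token intention can be injected into Legacy Stack
    $this->eventDispatcher->dispatch(RestEvents::REST_CSRF_TOKEN_VALIDATED);
}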