public static function isMethodProtected($method)
{
return !in_array($method, array('GET', 'HEAD', 'OPTIONS', 'TRACE'));
} public static function protect(Controller $controller)
{
$controller->before[] = function () {
if (CsrfProtector::isMethodProtected(Uri::getRequestType())) {
CsrfProtector::validate();
}
return true;
};
$controller->after[] = function () use($controller) {
$controller->setCookie(array('name' => 'csrftoken', 'value' => CsrfProtector::getCsrfToken(), 'expire' => 0, 'path' => '/'));
return true;
};
}
