public function onRequest($event, $request)
{
$this->provider->setToken($request->get('_csrf', $request->headers->get('X-XSRF-TOKEN')));
$attributes = $request->attributes->get('_request', []);
if (isset($attributes['csrf']) && !$this->provider->validate()) {
throw new CsrfException('Invalid CSRF token.');
}
}