CsrfExceptionSubscriber.php

Same filename in other branches
  1. 11.x core/lib/Drupal/Core/EventSubscriber/CsrfExceptionSubscriber.php

Namespace

Drupal\Core\EventSubscriber

File

core/lib/Drupal/Core/EventSubscriber/CsrfExceptionSubscriber.php

View source 
<?php

declare (strict_types=1);
namespace Drupal\Core\EventSubscriber;

use Drupal\Core\Routing\RouteMatch;
use Drupal\Core\Url;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\ExceptionEvent;

/**
 * Handles exceptions related to CSRF access.
 *
 * Redirects CSRF 403 exceptions to a _csrf_confirm_form_route.
 */
class CsrfExceptionSubscriber extends HttpExceptionSubscriberBase {
    
    /**
     * {@inheritdoc}
     */
    protected function getHandledFormats() : array {
        return [
            'html',
        ];
    }
    
    /**
     * Handles a 403 error for HTML.
     *
     * @param \Symfony\Component\HttpKernel\Event\ExceptionEvent $event
     *   The event to process.
     */
    public function on403(ExceptionEvent $event) : void {
        $request = $event->getRequest();
        $routeMatch = RouteMatch::createFromRequest($request);
        $route = $routeMatch->getRouteObject();
        if (!$route->hasRequirement('_csrf_token') || empty($route->getOption('_csrf_confirm_form_route'))) {
            return;
        }
        $event->setResponse(new RedirectResponse(Url::fromRoute($route->getOption('_csrf_confirm_form_route'))
            ->toString()));
    }

}

Classes

Title Deprecated Summary
CsrfExceptionSubscriber Handles exceptions related to CSRF access.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.