use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
and to
public function middleware($middleware) {
$middleware->add(function (
ServerRequestInterface $request,
ResponseInterface $response,
callable $next
) {
$params = $request->getAttribute('params');
if ($params['controller'] !== 'Mixer') {
$csrf = new CsrfProtectionMiddleware([
'httpOnly' => true
]);
// This will invoke the CSRF middleware's `__invoke()` handler,
// just like it would when being registered via `add()`.
return $csrf($request, $response, $next);
}
return $next($request, $response);
});
}
But maybe its better to add CSFR Support to the json requests for latest Cake
a Solution found: https://stackoverflow.com/a/47718018 == Avoid csfr Token for the mixer plugin
add to / src/Application.php
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface;
and to
public function middleware($middleware) { $middleware->add(function ( ServerRequestInterface $request, ResponseInterface $response, callable $next ) { $params = $request->getAttribute('params'); if ($params['controller'] !== 'Mixer') { $csrf = new CsrfProtectionMiddleware([ 'httpOnly' => true ]);
}
But maybe its better to add CSFR Support to the json requests for latest Cake