class CsrfExceptionSubscriber

Handles exceptions related to CSRF access.

Redirects CSRF 403 exceptions to a _csrf_confirm_form_route.

Hierarchy

  • class \Drupal\Core\EventSubscriber\HttpExceptionSubscriberBase implements \Symfony\Component\EventDispatcher\EventSubscriberInterface
    • class \Drupal\Core\EventSubscriber\CsrfExceptionSubscriber extends \Drupal\Core\EventSubscriber\HttpExceptionSubscriberBase

Expanded class hierarchy of CsrfExceptionSubscriber

File

core/lib/Drupal/Core/EventSubscriber/CsrfExceptionSubscriber.php, line 17

Namespace

Drupal\Core\EventSubscriber
View source 
class CsrfExceptionSubscriber extends HttpExceptionSubscriberBase {
    
    /**
     * {@inheritdoc}
     */
    protected function getHandledFormats() : array {
        return [
            'html',
        ];
    }
    
    /**
     * Handles a 403 error for HTML.
     *
     * @param \Symfony\Component\HttpKernel\Event\ExceptionEvent $event
     *   The event to process.
     */
    public function on403(ExceptionEvent $event) : void {
        $request = $event->getRequest();
        $routeMatch = RouteMatch::createFromRequest($request);
        $route = $routeMatch->getRouteObject();
        if (!$route->hasRequirement('_csrf_token') || empty($route->getOption('_csrf_confirm_form_route'))) {
            return;
        }
        $event->setResponse(new RedirectResponse(Url::fromRoute($route->getOption('_csrf_confirm_form_route'))
            ->toString()));
    }

}

Members

Title Modifiers Object type Summary Overriden Title Overrides
CsrfExceptionSubscriber::getHandledFormats protected function Specifies the request formats this subscriber will respond to. Overrides HttpExceptionSubscriberBase::getHandledFormats
CsrfExceptionSubscriber::on403 public function Handles a 403 error for HTML.
HttpExceptionSubscriberBase::getPriority protected static function Specifies the priority of all listeners in this class. 4
HttpExceptionSubscriberBase::getSubscribedEvents public static function Registers the methods in this class that should be listeners. 1
HttpExceptionSubscriberBase::onException public function Handles errors for this subscriber. 1

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.