create-prisma-php-app 4.2.0 → 4.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
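--- a/package/dist/bootstrap.php
+++ b/package/dist/bootstrap.php
@@ -137,27 +137,27 @@ final class Bootstrap extends RuntimeException
 
 private static function setCsrfCookie(): void
 {
-if (!isset($_COOKIE['
+if (!isset($_COOKIE['prisma_php_csrf'])) {
 $secret = $_ENV['FUNCTION_CALL_SECRET'] ?? 'pp_default_insecure_secret';
 $nonce = bin2hex(random_bytes(16));
 $signature = hash_hmac('sha256', $nonce, $secret);
 $token = $nonce . '.' . $signature;
 
-setcookie('
+setcookie('prisma_php_csrf', $token, [
 'expires' => time() + 3600,
 'path' => '/',
 'secure' => true,
 'httponly' => false,
 'samesite' => 'Lax',
 ]);
-$_COOKIE['
+$_COOKIE['prisma_php_csrf'] = $token;
 }
 }
 
 private static function validateCsrfToken(): void
 {
 $headerToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
-$cookieToken = $_COOKIE['
+$cookieToken = $_COOKIE['prisma_php_csrf'] ?? '';
 $secret = $_ENV['FUNCTION_CALL_SECRET'] ?? '';
 
 if (empty($headerToken) || empty($cookieToken)) {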
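Review bot: The signing-secret fallback is inconsistent between the two functions: `setCsrfCookie` signs with `$_ENV['FUNCTION_CALL_SECRET'] ?? 'pp_default_insecure_secret'` (line 141) while `validateCsrfToken` reads `$_ENV['FUNCTION_CALL_SECRET'] ?? ''` (line 161), so with the variable unset a freshly issued cookie would presumably never verify, and the hard-coded default is a publicly known HMAC key in any case. I would fail closed in both places rather than mint forgeable tokens: `$secret = $_ENV['FUNCTION_CALL_SECRET'] ?? throw new \RuntimeException('FUNCTION_CALL_SECRET is not configured');`. Since the cookie is deliberately readable from JavaScript for the double-submit pattern, a short `// not HttpOnly: client JS must read this cookie to echo it in X-CSRF-Token` above `'httponly' => false` would make that intent explicit to the next maintainer. The remainder of `validateCsrfToken`, including the HMAC recomputation and comparison, lies outside this hunk, so the verification side could not be reviewed here.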