refactor(actions): centralize wave-2 post/csrf guards

This commit is contained in:
2026-04-24 18:31:17 +02:00
parent cfd867bcd7
commit da7e7c593e
26 changed files with 237 additions and 114 deletions

View File

@@ -78,7 +78,8 @@ function actionRequireCsrf(
string $flashKeyPrefix = 'csrf_expired',
bool $jsonAware = false,
string $jsonError = 'csrf',
bool $flashOnFailure = true
bool $flashOnFailure = true,
bool $redirectOnFailure = true
): bool {
if (Session::checkCsrfToken()) {
return true;
@@ -96,7 +97,9 @@ function actionRequireCsrf(
flashFormErrors($errorBag, $flashScope ?? $redirect, $flashKeyPrefix);
}
Router::redirect($redirect);
if ($redirectOnFailure) {
Router::redirect($redirect);
}
return false;
}