Skip to content

Commit 564580b

Browse files
dgdg
committed
Form::disableSameSiteProtection() replaced with allowCrossOrigin()
1 parent 597e9c6 commit 564580b

File tree

1 file changed

+10
-3
lines changed

1 file changed

+10
-3
lines changed

src/Application/UI/Form.php

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ class Form extends Nette\Forms\Form implements SignalReceiver
2121
public $onAnchor = [];
2222

2323
/** @var bool */
24-
private $sameSiteProtection = true;
24+
protected $crossOrigin = false;
2525

2626

2727
/**
@@ -103,9 +103,16 @@ public function isAnchored(): bool
103103
/**
104104
* Disables CSRF protection using a SameSite cookie.
105105
*/
106+
public function allowCrossOrigin(): void
107+
{
108+
$this->crossOrigin = true;
109+
}
110+
111+
112+
/** @deprecated use allowCrossOrigin() */
106113
public function disableSameSiteProtection(): void
107114
{
108-
$this->sameSiteProtection = false;
115+
$this->crossOrigin = true;
109116
}
110117

111118

@@ -153,7 +160,7 @@ public function signalReceived(string $signal): void
153160
$class = static::class;
154161
throw new BadSignalException("Missing handler for signal '$signal' in $class.");
155162

156-
} elseif ($this->sameSiteProtection && !$this->getPresenter()->getHttpRequest()->isSameSite()) {
163+
} elseif (!$this->crossOrigin && !$this->getPresenter()->getHttpRequest()->isSameSite()) {
157164
$this->getPresenter()->detectedCsrf();
158165

159166
} elseif (!$this->getPresenter()->getRequest()->hasFlag(Nette\Application\Request::RESTORED)) {

0 commit comments

Comments
 (0)