fix(http): prevent CSRF token variable name collision (#1413)

brendt · web-flow · commit 361c2fbf6a39 · 2025-07-19T08:34:32.000+02:00
diff --git a/packages/http/src/Session/x-csrf-token.view.php b/packages/http/src/Session/x-csrf-token.view.php
@@ -4,8 +4,6 @@
 
 use function Tempest\get;
 
-$name = Session::CSRF_TOKEN_KEY;
-$token = get(Session::class)->token;
 ?>
 
-<input type="hidden" name="{{ $name }}" value="{{ $token }}" />
+<input type="hidden" name="{{ Session::CSRF_TOKEN_KEY }}" value="{{ get(Session::class)->token }}" />
