);
if (
- $this->isSafeHttpMethod($request->getMethod())
+ !$this->isSafeHttpMethod($request->getMethod())
&& $this->requestHandler->getActiveRequest()
) {
$this->assertHasValidXsrfToken($this->requestHandler->getActiveRequest(), $hasValidXsrfToken);
return $verb === 'GET' || $verb === 'HEAD';
}
- private function assertHasValidXsrfToken(Request $request, $hasValidXsrfToken): void
+ private function assertHasValidXsrfToken(Request $request, bool $hasValidXsrfToken): void
{
if (!\is_subclass_of($request->getClassName(), RequestHandlerInterface::class)) {
// Skip the XSRF check for legacy controllers.