private function assertHasValidXsrfToken(Request $request, bool $hasValidXsrfToken): void
{
+ if ($hasValidXsrfToken) {
+ // No need to do anything for a valid token.
+ return;
+ }
+
if (!\is_subclass_of($request->getClassName(), RequestHandlerInterface::class)) {
// Skip the XSRF check for legacy controllers.
return;
return;
}
- if (!$hasValidXsrfToken) {
- throw new InvalidSecurityTokenException();
- }
+ // The controller requires a valid XSRF Token and no valid
+ // token was provided, abort the processing.
+ throw new InvalidSecurityTokenException();
}
}