diff --git a/src/main/php/web/frontend/Frontend.class.php b/src/main/php/web/frontend/Frontend.class.php
index 7d1c61d..0c03ba3 100755
--- a/src/main/php/web/frontend/Frontend.class.php
+++ b/src/main/php/web/frontend/Frontend.class.php
@@ -87,7 +87,7 @@ private function view($req, $res, $delegate, $matches= []) {
     }
     // Verify CSRF token for anything which is not a GET or HEAD request
-    $token= $req->param('token') ?? $req->header('X-CSRF-Token');
+    $token= $req->param('token') ?? $req->header('X-Csrf-Token');
     if (!isset($CSRF_EXEMPT[strtolower($req->method())]) && $req->value('token') !== $token) {
       return $this->errors()->handle(new Error(403, 'Incorrect CSRF token for '.$delegate->name()));
     }
diff --git a/src/test/php/web/frontend/unittest/CSRFTokenTest.class.php b/src/test/php/web/frontend/unittest/CSRFTokenTest.class.php
index 035aa2c..9567957 100755
--- a/src/test/php/web/frontend/unittest/CSRFTokenTest.class.php
+++ b/src/test/php/web/frontend/unittest/CSRFTokenTest.class.php
@@ -44,7 +44,7 @@ public function validated_as_part_of_payload() {
   #[Test]
   public function validated_as_header() {
-    $this->execute('POST', '/users', 'username=test', ['X-CSRF-Token' => self::TOKEN]);
+    $this->execute('POST', '/users', 'username=test', ['X-Csrf-Token' => self::TOKEN]);
   }
   #[Test]
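Review bot: The changed line now looks the header up as `X-Csrf-Token`, and whether the previously accepted `X-CSRF-Token` spelling (the one most clients and frameworks send) still matches depends entirely on `$req->header()` normalizing names case-insensitively, which the hunk does not show; if that lookup is case-sensitive, every existing client gets a 403 after this change, and the parallel edit in CSRFTokenTest.class.php hides that by switching the test to the same spelling. A comment on the line stating the assumption, `// header() lookup is expected to be case-insensitive (HTTP header names are); keep both spellings covered by CSRFTokenTest`, plus a test that sends the upper-case form, would make the dependency explicit. Separately, on the following context line the guard `$req->value('token') !== $token` admits the request when both sides are null, i.e. no expected token is stored and none was sent — hedged, since what value() returns without a stored token is not visible here — and a plain `!==` is not constant-time; `if (!isset($CSRF_EXEMPT[strtolower($req->method())]) && (null === $token || !hash_equals((string) $req->value('token'), (string) $token)))` closes both. view() continues outside the hunk.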
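Review bot: Rewriting the single header-based test to send `X-Csrf-Token` removes the only coverage for the `X-CSRF-Token` spelling that existing clients use, so the suite no longer tells you whether the header lookup in Frontend.class.php is case-insensitive. Keep this test as it was and add a second case for the new spelling, e.g. `public function validated_as_header_canonical_spelling() { $this->execute('POST', '/users', 'username=test', ['X-Csrf-Token' => self::TOKEN]); }`, so a regression in either direction fails a test rather than a client. The enclosing test class continues outside the hunk.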