From 8bb0796c6b6a6026273518e3b5ae9adc784fbe6f Mon Sep 17 00:00:00 2001
From: David Neustadt <saberdude@googlemail.com>
Date: Thu, 12 Nov 2020 11:12:31 +0100
Subject: [PATCH] get token from request cookies alternatively - closes #2

---
 Service/CsrfRequestEvaluator.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Service/CsrfRequestEvaluator.php b/Service/CsrfRequestEvaluator.php
index 9d778cb..2ce77a4 100644
--- a/Service/CsrfRequestEvaluator.php
+++ b/Service/CsrfRequestEvaluator.php
@@ -102,7 +102,9 @@ public function getHeader(Request $request, ?Response $response): void
 
     public function isTokenValid(Request $request, bool $throwException = true): bool
     {
-        $token = $request->headers->get($this->cookieHeader);
+        $token = $request->headers->has($this->cookieHeader) ?
+            $request->headers->get($this->cookieHeader) :
+            $request->cookies->get($this->cookieHeader);
 
         if (empty($token)) {
             if ($throwException === false) {