<?php

namespace app\components;

use yii\helpers\Security;

class Request extends \yii\web\Request
{
    protected function createCsrfCookie()
    {
        $cookie = parent::createCsrfCookie();
        // allow angular read this cookie
        $cookie->httpOnly = false;
        return $cookie;
    }

    public function validateCsrfToken()
    {
        $method = $this->getMethod();
        if (!$this->enableCsrfValidation || !in_array($method, ['POST', 'PUT', 'PATCH', 'DELETE'], true)) {
            return true;
        }
        $trueToken = $this->getCookies()->getValue($this->csrfParam);
        $token = $this->getBodyParam($this->csrfParam);
        /*switch ($method) {
            case 'PUT':
                $token = $this->put($this->csrfParam);
                break;
            case 'PATCH':
                $token = $this->patch($this->csrfParam);
                break;
            case 'DELETE':
                $token = $this->delete($this->csrfParam);
                break;
            default:
                $token = $this->post($this->csrfParam);
                break;
        }*/
        if ($token === $trueToken) {
            return true;
        }

        // header token is encoded cookie values
        $headerToken = $this->getCsrfTokenFromHeader();
        if ($this->enableCookieValidation) {
            $validationKey = $this->getCookieValidationKey();
            if (is_string($headerToken) && ($token = Security::validateData($headerToken, $validationKey)) !== false) {
                $headerToken = @unserialize($token);
            }
        }
        return $headerToken === $trueToken;
    }

}