slimphp / Slim-Csrf

Slim Framework CSRF protection middleware

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Why is failureCallable not an Exception?

gerbenjacobs opened this issue · comments

I'm wondering why failureCallable is a Closure and not a thrown Exception/Error?

With an exception we can use the Slim errorHandler functionality. Unless you use Slim for an API, I think there's a big chance that you're using the Custom Error Handling since you want errors to look good within your template.

I understand this would be difficult to change now, but I'm just wondering why this was chosen.

For completeness sake, this is what I'm doing to solve it for myself;

$guard->setFailureCallable(function($request, $response, $next) use ($errorHandler, $c){
        return $errorHandler($c)($request, $response, new Exception('failed csrf check'));
});