Handle X-CSRF-TOKEN - CSRF

[nowackipawel]

According to your comments, I have to agree: it could be useful and should be characterized by better performance than parsing php://input jsons everytime when $_POST token is not set.

@michalsn @jim-parry @lonnieezell

Order:

1. $_POST
2. HTTP HEADER
3. php://input - trying to parse posted JSON (last because of performance)

[michalsn]

@nowackipawel you should add:

public $CSRFHeaderName  = 'X-CSRF-TOKEN';

to the tests/_support/Config/MockAppConfig.php file to make tests pass again.

[michalsn]

I think that we should add a few tests to this (to cover handling CSRF by header and json) - but I like it.

[nowackipawel]

@michalsn : yes, I agree... and as long as I tested php://input and I am using this in my APP with _POST simultaneusly ... and as long as I tested HEADER version with some test requests ... I am so sorry but I won't be able to write tests for this PR :(.

The same is with:
#2067

[michalsn]

@nowackipawel it's fine. I can probably work on it later today - after work.

[MGatner]

This is out of my knowledge but you two seem to know what you’re talking about. @michalsn is this ready to go?

[michalsn]

@MGatner Yes, it is.