fix 'unafe' typo

yiisoft · Nov 28, 2024 · 36b34b0 · 36b34b0
1 parent 9d1a797
commit 36b34b0
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/framework/web/Request.php b/framework/web/Request.php
@@ -140,7 +140,7 @@ class Request extends \yii\base\Request
      * This property is used only when both [[enableCsrfValidation]] and [[validateCsrfHeaderOnly]] are true.
      * @see https://fetch.spec.whatwg.org/#http-cors-protocol
      */
-    public $csrfHeaderUnafeMethods = ['GET', 'HEAD', 'POST'];
+    public $csrfHeaderUnsafeMethods = ['GET', 'HEAD', 'POST'];
     /**
      * @var bool whether to use custom header only to CSRF validation of SPA. Defaults to false.
      * If false and [[enableCsrfValidation]] is true, CSRF validation by token will used.
@@ -1897,7 +1897,7 @@ public function validateCsrfToken($clientSuppliedToken = null)
         $method = $this->getMethod();
 
         if ($this->validateCsrfHeaderOnly) {
-            return in_array($method, $this->csrfHeaderUnafeMethods, true)
+            return in_array($method, $this->csrfHeaderUnsafeMethods, true)
                 ? $this->headers->has($this->csrfHeader)
                 : true;
         }

diff --git a/tests/framework/web/RequestTest.php b/tests/framework/web/RequestTest.php
@@ -297,7 +297,7 @@ public function testCustomUnsafeMethodsCsrfHeaderValidation()
         $this->mockWebApplication();
 
         $request = new Request();
-        $request->csrfHeaderUnafeMethods = ['POST'];
+        $request->csrfHeaderUnsafeMethods = ['POST'];
         $request->validateCsrfHeaderOnly = true;
         $request->enableCsrfValidation = true;