validateCsrf()) {
            // Rejection path of the CSRF guard (the start of this condition is above this view).
            // The 403 body is JSON or plain text depending on what the client appears to speak.
            if ($this->isJsonRequest()) {
                $this->json(['error' => 'CSRF token invalid'], 403);
            } else {
                $this->text('CSRF token invalid', 403);
            }
            // End the script here so no code after this guard runs for a rejected request.
            exit;
        }
    }

    /**
     * Reports whether the current request mentions JSON in its Accept or Content-Type header.
     *
     * Both headers are supplied by the client, so the result is only suitable for choosing
     * a response format (as the CSRF rejection above does), not for any trust decision.
     *
     * NOTE(review): str_contains() is case-sensitive, while media type names are
     * case-insensitive; a header such as "Application/JSON" is treated as non-JSON here
     * and would receive the plain-text response.
     *
     * @return bool true when either header contains the substring "application/json"
     */
    private function isJsonRequest(): bool
    {
        // Missing headers fall back to '' so the substring checks below simply return false.
        $accept = $_SERVER['HTTP_ACCEPT'] ?? '';
        $contentType = $_SERVER['CONTENT_TYPE'] ?? '';

        // Substring match, so values with parameters or several types (e.g. a q-list) still match.
        return str_contains($accept, 'application/json') || str_contains($contentType, 'application/json');
    }
}