Fix the except behavior of VerifyJavascriptResponse middleware.

Tortue Torche · Tortue Torche · commit deccfdeac760 · 2015-09-18T18:32:08.000+02:00
diff --git a/src/Efficiently/JqueryLaravel/VerifyJavascriptResponse.php b/src/Efficiently/JqueryLaravel/VerifyJavascriptResponse.php
@@ -37,15 +37,17 @@ public function __construct()
     public function handle($request, Closure $next)
     {
         $response = $next($request);
-        if (! $this->shouldPassThrough($request) ||
-            ($this->isReading($request) && $this->nonXhrJavascriptResponse($request, $response))
-        ) {
-            $crossOriginJavascriptWarning = "Security warning: an embedded " .
-                "<script> tag on another site requested protected JavaScript. " .
-                "If you know what you're doing, go ahead and disable CSRF " .
-                "protection on this action to permit cross-origin JavaScript embedding.";
+        if (! $this->shouldPassThrough($request)) {
+            if ($this->isReading($request) &&
+                $this->nonXhrJavascriptResponse($request, $response)
+            ) {
+                $crossOriginJavascriptWarning = "Security warning: an embedded " .
+                    "<script> tag on another site requested protected JavaScript. " .
+                    "If you know what you're doing, go ahead and disable CSRF " .
+                    "protection on this action to permit cross-origin JavaScript embedding.";
 
-            throw new CrossOriginRequestException($crossOriginJavascriptWarning);
+                throw new CrossOriginRequestException($crossOriginJavascriptWarning);
+            }
         }
 
         return $response;
