Fix CSRF vulnerability

Author: pamil

Controller/ResourceController.php

@@ -469,6 +469,10 @@ public function applyStateMachineTransitionAction(Request $request): Response
         $this->isGrantedOr403($configuration, ResourceActions::UPDATE);
         $resource = $this->findOr404($configuration);
 
+        if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid($resource->getId(), $request->request->get('_csrf_token'))) {
+            throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid CSRF token.');
+        }
+
         $event = $this->eventDispatcher->dispatchPreEvent(ResourceActions::UPDATE, $configuration, $resource);
 
         if ($event->isStopped() && !$configuration->isHtmlRequest()) {