Controller::checkAction

protected function checkAction()
{
	if($this->errorCollection->hasErrors())
	{
		$this->sendJsonErrorResponse();
	}
	$description = $this->getActionDescription();

	if(!$this->getUser() || !$this->getUser()->getId())
	{
		if($description['redirect_on_auth'])
		{
			$this->redirectToAuth();
		}
		else
		{
			$this->runProcessingIfUserNotAuthorized();
		}
	}

	//if does not exist check_csrf_token we have to check csrf for only POST method.
	if(
		(isset($description['check_csrf_token']) && $description['check_csrf_token'] === true) ||
		($this->request->isPost() && !isset($description['check_csrf_token'])))
	{
		//in BDisk we have token_sid
		if(!check_bitrix_sessid() && !check_bitrix_sessid('token_sid'))
		{
			$this->runProcessingIfInvalidCsrfToken();
		}
	}

	if(!in_array($this->request->getRequestMethod(), $description['method']))
	{
		$this->sendJsonAccessDeniedResponse('Wrong method for current action');
	}
}