A PSR-15 compatible middleware that is designed to simplify the CSRF verification process

zakirullin/csrf-middleware

A PSR-15 middleware that automates the CSRF token verification process

Requirements

Installation

This package is installable and autoloadable via Composer as zakirullin/csrf-middleware.

composer require zakirullin/csrf-middleware 

PHP

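// Returns the per-user identity for the current request (here, the session id).
$getIdentity = function (\Psr\Http\Message\ServerRequestInterface $request) {
    $session = $request->getAttribute('session');
    return $session->get('id');
};

$dispatcher = new Dispatcher([
    // ... earlier middleware (the 'session' attribute read above must already be set)
    // 'secret' is a placeholder: pass a private, random value, not a literal kept in source.
    new \Zakirullin\Middlewares\CSRF($getIdentity, 'secret'),
    // ... remaining middleware
]);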

HTML

<form method="POST" action="/dangerous/action">
    ...
    <input type="hidden" name="csrf" value="<?= $request->getAttribute('csrf') ?>">
    ...
</form>

Options

__construct(
    callable $getIdentity,
    string $secret,
    string $attribute = self::ATTRIBUTE,
    int $ttl = self::TTL,
    string $algorithm = self::ALGORITHM
)

$getIdentity(ServerRequestInterface $request)

A callback that should return a string containing a per-user unique identity, for example the session id.


The MIT License (MIT). Please see LICENSE for more information.
