fyre/csrf

A CSRF protection library.

v5.0.1 2024-12-11 08:32 UTC


Last update: 2024-12-11 08:33:24 UTC


README

FyreCSRF is a free, open-source CSRF protection library for PHP.

Installation

Using Composer

composer require fyre/csrf

In PHP:

use Fyre\Security\CsrfProtection;

Basic Usage

$csrfProtection = new CsrfProtection($container, $config);

Default configuration options will be resolved from the "Csrf" key in the Config.

$container->use(Config::class)->set('Csrf', $options);

  • $options is an array containing the configuration options.
    • cookie is an array containing CSRF cookie options.
      • name is a string representing the cookie name, and will default to "CsrfToken".
      • expires is a number representing the cookie lifetime, and will default to 0.
      • domain is a string representing the cookie domain, and will default to "".
      • path is a string representing the cookie path, and will default to "/".
      • secure is a boolean indicating whether to set a secure cookie, and will default to true.
      • httpOnly is a boolean indicating whether the cookie should be HTTP only, and will default to false.
      • sameSite is a string representing the cookie same site, and will default to "Lax".
    • salt is a string representing the CSRF session key and will default to "_csrfToken".
    • field is a string representing the CSRF token field name, and will default to "csrf_token".
    • header is a string representing the CSRF token header name, and will default to "Csrf-Token".
    • skipCheck is a Closure that accepts a ServerRequest as the first argument.

Autoloading

It is recommended to bind the CsrfProtection to the Container as a singleton.

$container->singleton(CsrfProtection::class);

Any dependencies will be injected automatically when loading from the Container.

$csrfProtection = $container->use(CsrfProtection::class);

Methods

Before Response

Update the ClientResponse before sending it to the client.

$response = $csrfProtection->beforeResponse($request, $response);

Check Token

Check the CSRF token.

$csrfProtection->checkToken($request);

Get Cookie Token

Get the CSRF cookie token.

$cookieToken = $csrfProtection->getCookieToken();

Get Field

Get the CSRF token field name.

$field = $csrfProtection->getField();

Get Form Token

Get the CSRF form token.

$formToken = $csrfProtection->getFormToken();

Get Header

Get the CSRF token header name.

$header = $csrfProtection->getHeader();

Middleware

use Fyre\Security\Middleware\CsrfProtectionMiddleware;

$middleware = new CsrfProtectionMiddleware($csrfProtection);

  • $csrfProtection is a CsrfProtection.

Any dependencies will be injected automatically when loading from the Container.

$middleware = $container->build(CsrfProtectionMiddleware::class);

Handle

Handle a ServerRequest.

$response = $middleware->handle($request, $next);

This method will return a ClientResponse.
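As an added example (not code from the fyre/csrf README), the following wires the configuration, singleton binding, middleware and token helpers above into one request cycle. The namespaces of Container, Config, ServerRequest and ClientResponse, the $request object built elsewhere, and the /account/update route are assumptions.

```php
<?php
// Added example, not part of fyre/csrf. Assumed: Container, Config,
// ServerRequest and ClientResponse live in the namespaces below; $request
// is a ServerRequest built elsewhere; "/account/update" is a hypothetical route.

use Fyre\Config\Config;
use Fyre\Container\Container;
use Fyre\Security\CsrfProtection;
use Fyre\Security\Middleware\CsrfProtectionMiddleware;
use Fyre\Server\ClientResponse;

$container = new Container();

// Tighten the documented defaults: keep the Secure flag, use SameSite=Strict,
// and name the field and header explicitly so templates and clients agree.
$container->use(Config::class)->set('Csrf', [
    'cookie' => [
        'name' => 'CsrfToken',
        'secure' => true,
        'sameSite' => 'Strict',
    ],
    'field' => 'csrf_token',
    'header' => 'Csrf-Token',
]);

// One shared instance, so the middleware and the view use the same token.
$container->singleton(CsrfProtection::class);
$csrf = $container->use(CsrfProtection::class);
$middleware = $container->build(CsrfProtectionMiddleware::class);

// Render the hidden field with the form token; both values are HTML-escaped
// before being placed in an attribute. Non-form clients send the token in the
// header named by getHeader() instead of this field.
$field = htmlspecialchars($csrf->getField(), ENT_QUOTES, 'UTF-8');
$token = htmlspecialchars($csrf->getFormToken(), ENT_QUOTES, 'UTF-8');
$form = '<form method="post" action="/account/update">'
    . '<input type="hidden" name="' . $field . '" value="' . $token . '">'
    . '<button type="submit">Save</button>'
    . '</form>';

// $next stands in for the rest of the pipeline; the middleware checks the
// token on the way in and updates the ClientResponse on the way out.
$next = fn($request): ClientResponse => new ClientResponse();
$response = $middleware->handle($request, $next);
```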