fyre/csrf

A CSRF protection library.

v4.2.1 2024-10-17 14:16 UTC

Last update: 2024-10-17 14:17:03 UTC


README

FyreCSRF is a free, open-source CSRF protection library for PHP.

Installation

Using Composer

composer require fyre/csrf

In PHP:

use Fyre\Security\CsrfProtection;

Methods

Check Token

Check CSRF token.

CsrfProtection::checkToken($request);

Disable

Disable the CSRF protection.

CsrfProtection::disable();

Enable

Enable the CSRF protection.

CsrfProtection::enable();

Get Field

Get the CSRF token field name.

$field = CsrfProtection::getField();

Get Header

Get the CSRF token header name.

$header = CsrfProtection::getHeader();

Get Key

Get the CSRF session key.

$key = CsrfProtection::getKey();

Get Token

Get the CSRF token.

$token = CsrfProtection::getToken();

Get Token Hash

Get the CSRF token hash.

$tokenHash = CsrfProtection::getTokenHash();

Is Enabled

Determine if the CSRF protection is enabled.

$enabled = CsrfProtection::isEnabled();

Set Field

Set the CSRF token field name.

  • $field is a string representing the CSRF token field name.

CsrfProtection::setField($field);

Set Header

Set the CSRF token header name.

  • $header is a string representing the CSRF token header name.

CsrfProtection::setHeader($header);

Set Key

Set the CSRF session key.

  • $key is a string representing the CSRF session key.

CsrfProtection::setKey($key);

Skip Check Callback

Set the skip check callback.

  • $skipCheck is a Closure that accepts a ServerRequest as the first argument.

CsrfProtection::skipCheckCallback($skipCheck);

The skip check callback should return true if the CSRF check should not be performed.
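Every request for which the skip check callback returns true is processed without a CSRF check, so the callback should exempt as little as possible. The following is an added example, not code from the FyreCSRF project: a default-deny decision function for such a callback. The exempt path, the name shouldSkipCsrf and the ServerRequest accessors in the closing comment are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not fyre/csrf code. The exempt path is hypothetical.
// method => exact paths that authenticate by other means (e.g. signed webhooks)
const CSRF_EXEMPT = ['POST' => ['/webhooks/payments']];

/**
 * Decide whether the CSRF check may be skipped for this method and path.
 * Default is false (the check runs); only exact matches are exempt.
 */
function shouldSkipCsrf(string $method, string $path): bool
{
    // Refuse anything that is not a plain absolute path: percent-encoding,
    // dot segments, doubled slashes or backslashes could make the router
    // and this allowlist disagree about which endpoint is addressed.
    if ($path === '' || $path[0] !== '/' || preg_match('#%|//|/\.\.?(/|$)|\\\\#', $path) === 1) {
        return false;
    }
    // A single trailing slash addresses the same resource.
    $path = $path === '/' ? '/' : rtrim($path, '/');
    $exempt = CSRF_EXEMPT[strtoupper($method)] ?? [];

    return in_array($path, $exempt, true);
}

// Constructed sample requests with the decision expected for each.
$cases = [
    ['POST',   '/webhooks/payments',                  true],
    ['post',   '/webhooks/payments/',                 true],
    ['POST',   '/webhooks/payments/../account/email', false],
    ['POST',   '/webhooks/payments%2f..%2faccount',   false],
    ['POST',   '/account/email',                      false],
    ['DELETE', '/webhooks/payments',                  false],
];
foreach ($cases as [$method, $path, $expected]) {
    $actual = shouldSkipCsrf($method, $path);
    printf("%-6s %-38s skip=%s\n", $method, $path, var_export($actual, true));
    if ($actual !== $expected) {
        throw new RuntimeException("unexpected decision for $method $path");
    }
}

// Wiring into the library. Assumption: ServerRequest exposes getMethod()
// and getUri()->getPath(); confirm against the installed fyre/server version.
// CsrfProtection::skipCheckCallback(
//     fn($request) => shouldSkipCsrf($request->getMethod(), $request->getUri()->getPath())
// );
```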

Middleware

use Fyre\Security\Middleware\CsrfProtectionMiddleware;

  • $options is an array containing options for the middleware.
    • field is a string representing the CSRF token field name, and will default to "csrf_token".
    • header is a string representing the CSRF token header name, and will default to "Csrf-Token".
    • key is a string representing the CSRF session key, and will default to "_csrfToken".
    • skipCheck is a Closure that accepts a ServerRequest as the first argument.

$middleware = new CsrfProtectionMiddleware($options);

The skip check callback should return true if the CSRF check should not be performed.

Process

$response = $middleware->process($request, $handler);

This method will return a ClientResponse.