fyre / csrf
A CSRF protetion library.
Requires
- fyre/middleware: ^2.0
- fyre/server: ^3.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.59
- fyre/php-cs-fixer-config: ^1.0
- fyre/session: ^4.0
- phpunit/phpunit: ^10
README
FyreCSRF is a free, open-source CSRF protection library for PHP.
Table Of Contents
Installation
Using Composer
composer require fyre/csrf
In PHP:
use Fyre\Security\CsrfProtection;
Methods
Check Token
Check CSRF token.
$request
is the ServerRequest.
CrsfProtection::checkToken($request);
Disable
Disable the CSRF protection.
CsrfProtection::disable();
Enable
Enable the CSRF protection.
CsrfProtection::enable();
Get Field
Get the CSRF token field name.
$field = CsrfProtection::getField();
Get Header
Get the CSRF token header name.
$header = CsrfProtection::getHeader();
Get Key
Get the CSRF session key.
$key = CsrfProtection::getKey();
Get Token
Get the CSRF token.
$token = CsrfProtection::getToken();
Get Token Hash
Get the CSRF token hash.
$tokenHash = CsrfProtection::getTokenHash();
Is Enabled
Determine if the CSRF protection is enabled.
$enabled = CsrfProtection::isEnabled();
Set Field
Set the CSRF token field name.
$field
is a string representing the CSRF token field name.
CsrfProtection::setField($field);
Set Header
Set the CSRF token header name.
$header
is a string representing the CSRF token header name.
CsrfProtection::setHeader($header);
Set Key
Set the CSRF session key.
$key
is a string representing the CSRF session key.
CsrfProtection::setKey($key);
Skip Check Callback
Set the skip check callback.
$skipCheck
is a Closure that accepts a ServerRequest as the first argument.
CsrfProtection::skipCheckCallback($skipCheck);
The skip check callback should return true if the CSRF check should not be performed.
Middleware
use Fyre\Security\Middleware\CsrfProtectionMiddleware;
$options
is an array containing options for the middleware.field
is a string representing the CSRF token field name, and will default to "csrf_token".header
is a string representing the CSRF token header name, and will default to "Csrf-Token".key
is a string representing the CSRF session key and will default to "_csrfToken".skipCheck
is a Closure that accepts a ServerRequest as the first argument.
$middleware = new CsrfProtectionMiddleware($options);
The skip check callback should return true if the CSRF check should not be performed.
Process
$request
is a ServerRequest.$handler
is a RequestHandler.
$response = $middleware->process($request, $handler);
This method will return a ClientResponse.