grafikart/psr15-csrf-middleware

A PSR-15 compatible middleware to prevent CSRF

1.0.2 2018-11-13 00:12 UTC


Last update: 2024-11-23 01:31:27 UTC


README


This middleware checks every POST, PATCH, PUT and DELETE request for a CSRF token. Tokens are persisted using an ArrayAccess-compatible session and are generated on demand.

Installation

composer require grafikart/psr15-csrf-middleware

How to use it

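// Arguments: session store, maximum number of tokens kept in the session
$middleware = new CsrfMiddleware($_SESSION, 200);
$app->pipe($middleware);

// Generate the hidden input to embed in each form
$input = "<input type=\"hidden\" name=\"{$middleware->getFormKey()}\" value=\"{$middleware->generateToken()}\"/>";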

The middleware is constructed with these parameters:

  • session, ArrayAccess|array, used to store tokens
  • limit, int, limits the number of tokens the session is allowed to persist
  • sessionKey, string
  • formKey, string
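
To illustrate what the session and limit parameters control, here is an added sketch (not the package's own code) of a session-backed token store that caps how many tokens it keeps. The class name, method names and the 'csrf.tokens' key are hypothetical, and the oldest-first eviction and single-use consumption are assumptions, not documented behaviour of the middleware.

```php
<?php
declare(strict_types=1);
// Added sketch, not the package's code. All names here are hypothetical.
final class TokenStoreSketch
{
    private $session; // array|ArrayAccess, held by reference
    private int $limit;
    private string $key;

    public function __construct(&$session, int $limit, string $key = 'csrf.tokens')
    {
        $this->session = &$session;   // writes must reach the real session
        $this->limit = max(1, $limit); // a limit below 1 would store nothing usable
        $this->key = $key;
    }

    public function generateToken(): string
    {
        $token = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
        $tokens = $this->session[$this->key] ?? [];
        $tokens[] = $token;
        // Assumption: evict oldest first so at most $limit tokens are stored.
        $this->session[$this->key] = array_slice($tokens, -$this->limit);
        return $token;
    }

    public function consume(string $submitted): bool
    {
        $tokens = $this->session[$this->key] ?? [];
        foreach ($tokens as $i => $known) {
            if (hash_equals($known, $submitted)) { // constant-time comparison
                unset($tokens[$i]);                // assumption: tokens are single-use
                $this->session[$this->key] = array_values($tokens);
                return true;
            }
        }
        return false;
    }
}

$session = []; // constructed stand-in for $_SESSION
$store = new TokenStoreSketch($session, 2);
[$a, $b, $c] = [$store->generateToken(), $store->generateToken(), $store->generateToken()];
var_dump($store->consume($a)); // $a was evicted when $c was issued
var_dump($store->consume($c)); // $c is still stored
var_dump($store->consume($c)); // second use of the same token
```

With a cap in place, a form left open while many other tokens are issued can fail validation, so the limit should cover the number of forms a user realistically keeps open in one session.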