grafikart / psr15-csrf-middleware
A PSR-15 compatible middleware to prevent CSRF
Installs: 1 111
Dependents: 1
Suggesters: 0
Security: 0
Stars: 5
Watchers: 3
Forks: 11
Open Issues: 0
Requires
- php: >=7.1.0
- psr/http-server-middleware: ^1.0@dev
Requires (Dev)
- friendsofphp/php-cs-fixer: ^2.5
- phpunit/phpunit: ~6.2.0
- satooshi/php-coveralls: ^1.0
- squizlabs/php_codesniffer: ^3.0
This package is not auto-updated.
Last update: 2024-04-12 22:23:51 UTC
README
This middleware checks every POST, PATCH, PUT and DELETE requests for a CSRF token. Tokens are persisted using an ArrayAccess compatible Session and are generated on demand.
Installation
composer require grafikart/psr15-csrf-middleware
How to use it
$middleware = new CsrfMiddleware($_SESSION, 200); $app->pipe($middleware); // Generate input $input = "<input type=\"hidden\" name=\"{$middleware->getFormKey()}\" value=\"{$middleware->generateToken()}\"/>
Middleware is constructed with these parameters:
- session, ArrayAccess|array, used to store tokens
- limit, int, limits the amount of tokens the session is allowed to persist
- sessionKey, string
- formKey, string