shadowprince / forman-csrf
CSRF protection plugin for shadowprince/forman
Installs: 4
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
pkg:composer/shadowprince/forman-csrf
Requires
- php: >=5.2.0
- shadowprince/forman: >=0.2
This package is not auto-updated.
Last update: 2025-10-07 09:47:07 UTC
README
Forman-Recaptcha - plugin for forman, adding automatic CSRF-protection for all forms. Plugin works at background, no code needed.
Mechanism
- Generates and stores token at every form
process
- Compares token from form data and user cookies, if cookie not exist or not matches - field error will be added and
verify
(soprocess
too) fails - Removes
csrf_token
fromprocess
result, so you'll not even notice
You can turn it off for one form
\Forman\CSRFPlugin::disable(); if ($data = $form->process($_POST)) { // now there is no CSRF } \Forman\CSRFPlugin::enable();
Or global
// somewhere in bootstrap \Forman\CSRFPlugin::disableGlobal(); // so any enable() will not work now