shadowprince/forman-csrf

CSRF protection plugin for shadowprince/forman

Maintainers

Details

github.com/shadowprince/forman-csrf

Homepage

Source

Issues

Installs: 4

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

pkg:composer/shadowprince/forman-csrf

0.1 2013-10-24 18:30 UTC

Requires

BSD ac0cbaa35f9e90210bdcf12f1d2500839e42e3db

Formscomponentcsrfslimextforman

This package is not auto-updated.

Last update: 2025-10-07 09:47:07 UTC

README

Forman-Recaptcha - plugin for forman, adding automatic CSRF-protection for all forms. Plugin works at background, no code needed.

Mechanism

  • Generates and stores token at every form process
  • Compares token from form data and user cookies, if cookie not exist or not matches - field error will be added and verify (so process too) fails
  • Removes csrf_token from process result, so you'll not even notice

You can turn it off for one form

\Forman\CSRFPlugin::disable();
if ($data = $form->process($_POST)) {
    // now there is no CSRF
}
\Forman\CSRFPlugin::enable();

Or global

// somewhere in bootstrap
\Forman\CSRFPlugin::disableGlobal(); // so any enable() will not work now