README

Overview

Security module. Provides CSRF attack protection and applies secure HTTP headers.

CSRF Protection

A token is generated automatically and stored in the session. A hidden _csrf field is added to forms:

use Tereta\Security\Services\Csrf;

// Get token for a form
$token = Csrf::singleton()->getToken();
$field = Csrf::singleton()->getFieldName(); // '_csrf'

// Validate on form submission
Csrf::singleton()->assertValid($submittedToken); // throws exception on mismatch

HTTP Headers

Applied automatically during web request processing:

Header	Purpose
X-Content-Type-Options	Prevents MIME type sniffing
X-Frame-Options	Clickjacking protection
Referrer-Policy	Controls referrer information sharing
Permissions-Policy	Blocks access to camera, microphone, geolocation
Content-Security-Policy	Controls resource loading (CSP with nonce for inline scripts)

No configuration required — the module works out of the box.

Author and License

Author: Tereta Alexander
Website: tereta.dev
License: Apache License 2.0. See LICENSE.

 www.████████╗███████╗██████╗ ███████╗████████╗ █████╗
     ╚══██╔══╝██╔════╝██╔══██╗██╔════╝╚══██╔══╝██╔══██╗
        ██║   █████╗  ██████╔╝█████╗     ██║   ███████║
        ██║   ██╔══╝  ██╔══██╗██╔══╝     ██║   ██╔══██║
        ██║   ███████╗██║  ██║███████╗   ██║   ██║  ██║
        ╚═╝   ╚══════╝╚═╝  ╚═╝╚══════╝   ╚═╝   ╚═╝  ╚═╝
                                                      .dev

tereta / security

Maintainers

Package info

Statistics

Security

README

Overview

CSRF Protection

HTTP Headers

Author and License