tereta / security
1.0.6
2026-05-05 21:26 UTC
Requires
- php: >=8.4
- tereta/core: ^1.0
- tereta/session: ^1.0
README
Overview
Security module. Provides CSRF attack protection and applies secure HTTP headers.
CSRF Protection
A token is generated automatically and stored in the session. A hidden _csrf field is added to forms:
```php
use Tereta\Security\Services\Csrf;

// Get token for a form
$token = Csrf::singleton()->getToken();
$field = Csrf::singleton()->getFieldName(); // '_csrf'

// Validate on form submission
Csrf::singleton()->assertValid($submittedToken); // throws exception on mismatch
```
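The token flow described above, as an added sketch that is not the Tereta\Security implementation: `DemoCsrf` is a hypothetical stand-in that mirrors the three method names from the README and keeps the token in a plain array in place of the real session, so it runs from the PHP CLI. The request bodies are constructed sample input.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for illustration; NOT Tereta\Security\Services\Csrf.
final class DemoCsrf
{
    /** @var array<string,string> constructed stand-in for the session store */
    private array $session = [];

    public function getFieldName(): string
    {
        return '_csrf'; // field name taken from the README
    }

    public function getToken(): string
    {
        // Generate once per session from a CSPRNG, then reuse the stored value.
        return $this->session['csrf'] ??= bin2hex(random_bytes(32));
    }

    public function assertValid(mixed $submitted): void
    {
        $expected = $this->session['csrf'] ?? '';
        // Reject non-strings (e.g. _csrf[]=x), reject when no token was issued,
        // and compare in constant time.
        if (!is_string($submitted) || $expected === '' || !hash_equals($expected, $submitted)) {
            throw new RuntimeException('CSRF token mismatch');
        }
    }
}

$csrf  = new DemoCsrf();
$field = $csrf->getFieldName();

// Rendering: escape both attribute values when writing the hidden field.
printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
    htmlspecialchars($field, ENT_QUOTES), htmlspecialchars($csrf->getToken(), ENT_QUOTES));

// Constructed POST bodies: one valid submission and three that must be refused.
$requests = [
    'token from rendered form' => [$field => $csrf->getToken()],
    'field missing'            => [],
    'wrong value'              => [$field => str_repeat('0', 64)],
    'array instead of string'  => [$field => ['x']],
];
foreach ($requests as $label => $post) {
    try {
        $csrf->assertValid($post[$field] ?? null);
        echo "$label: accepted\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected, respond 403 and skip the state change\n";
    }
}
```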
HTTP Headers
Applied automatically during web request processing:
| Header | Purpose |
|---|---|
| X-Content-Type-Options | Prevents MIME type sniffing |
| X-Frame-Options | Clickjacking protection |
| Referrer-Policy | Controls referrer information sharing |
| Permissions-Policy | Blocks access to camera, microphone, geolocation |
| Content-Security-Policy | Controls resource loading (CSP with nonce for inline scripts) |
No configuration required; the module works out of the box.
Author and License
Author: Tereta Alexander
Website: tereta.dev
License: Apache License 2.0. See LICENSE.
Copyright (c) 2024-2026 Tereta Alexander