uwdoem / csrf
Simple CSRF protection
Requires (Dev)
- athens/standard: *
- codeclimate/php-test-reporter: dev-master
- phpdocumentor/phpdocumentor: 2.*
- phpunit/phpunit: 4.*
README
Athens/CSRF
Easily protect against CSRF attacks.
Installation
This library is published on packagist. To install using Composer, add the "athens/csrf": "0.1.*" line to your "require" dependencies:
{
"require": {
...
"athens/csrf": "1.*",
...
}
}
Of course, if you're not using Composer then you can download the repository using the Download ZIP button at right.
Use
Using this package requires only two lines:
// Import the CSRF class
use Athens\CSRF\CSRF;
// Intialize
CSRF::init();
The method ::init() will automatically insert a hidden CSRF token field into your forms:
<!--output html-->
...
<form>
<input type=hidden name=csrf_token value=37328bc2cac3e73623bc38ab0f4068ee7fa1>
...
This token will be included automatically in any of your form submissions.
Incase you perform form submission via AJAX, ::init() also inserts a CSRF_TOKEN variable into your javascript:
<!--output html-->
...
<head>
<script>var CSRFTOKEN = '37328bc2cac3e73623bc38ab0f4068ee7fa1';</script>
...
This token will not automatically be included in your AJAX requests, but you may include it manually by referring to the CSRFTOKEN var in your submission script.
Compatibility
- PHP 5.5, 5.6, 7.0
Todo
See GitHub issue tracker.
Getting Involved
Feel free to open pull requests or issues. GitHub is the canonical location of this project.
Here's the general sequence of events for code contribution:
- Open an issue in the issue tracker.
- In any order:
- Submit a pull request with a failing test that demonstrates the issue/feature.
- Get acknowledgement/concurrence.
- Revise your pull request to pass the test in (2). Include documentation, if appropriate.