zakirullin / csrf-middleware
PSR-15 middleware to handle CSRF-token verification
0.6.2
2019-04-25 09:16 UTC
Requires
- php: ^7.1
- middlewares/utils: ^2.1.1
- psr/http-message: ^1.0.1
- psr/http-server-middleware: ^1.0
- zendframework/zend-diactoros: ^1.7.0
Requires (Dev)
- phpunit/phpunit: ^7
- squizlabs/php_codesniffer: ^3.0
README
A PSR-15 middleware that automates the CSRF-token verification process.
Requirements
- PHP >= 7.1
- A PSR-7 HTTP message implementation (Diactoros, Guzzle, Slim, etc.)
- A PSR-15 middleware dispatcher
Installation
This package is installable and autoloadable via Composer as zakirullin/csrf-middleware.
composer require zakirullin/csrf-middleware
PHP
// Returns a per-user unique identity (here, the session id).
$getIdentity = function (\Psr\Http\Message\ServerRequestInterface $request) {
    $session = $request->getAttribute('session');
    return $session->get('id');
};

$dispatcher = new Dispatcher([
    ...
    new \Zakirullin\Middlewares\CSRF($getIdentity, 'secret'),
    ...
]);
HTML
<form method="POST" action="/dangerous/action">
    ...
    <input type="hidden" name="csrf" value="<?= $request->getAttribute('csrf') ?>">
    ...
</form>
Options
__construct(
    callable $getIdentity,
    string $secret,
    string $attribute = self::ATTRIBUTE,
    int $ttl = self::TTL,
    string $algorithm = self::ALGORITHM
)
$getIdentity(ServerRequestInterface $request)
A callback that should return a string containing a per-user unique identity, for example a session ID.
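The constructor options above (a per-user identity, a secret, a TTL and a hash algorithm) are the usual inputs to a stateless HMAC-signed token. The sketch below is an added example of that general technique, not this package's implementation: the function names and the `expiry.nonce.mac` token layout are assumptions, and the identities, secret and timestamps are constructed sample values.

```php
<?php
declare(strict_types=1);

// Added sketch, not the package's code. Token layout (assumed): expiry.nonce.mac
function issueCsrfToken(string $identity, string $secret, int $ttl, string $algorithm, int $now): string
{
    $expiry = $now + $ttl;
    $nonce = bin2hex(random_bytes(16));
    // The MAC covers the identity, so a token issued to one user fails for another.
    $mac = hash_hmac($algorithm, $identity . '|' . $expiry . '|' . $nonce, $secret);
    return $expiry . '.' . $nonce . '.' . $mac;
}

function verifyCsrfToken(string $token, string $identity, string $secret, string $algorithm, int $now): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$expiry, $nonce, $mac] = $parts;
    // Strict field formats keep the '|'-joined MAC input unambiguous.
    if (!ctype_digit($expiry) || !ctype_xdigit($nonce)) {
        return false;
    }
    if ((int) $expiry < $now) {
        return false; // expired
    }
    $expected = hash_hmac($algorithm, $identity . '|' . $expiry . '|' . $nonce, $secret);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed sample values.
$secret = 'constructed-sample-secret';
$now = 1700000000;
$token = issueCsrfToken('session-abc', $secret, 3600, 'sha256', $now);

$cases = [
    'same identity, within TTL' => verifyCsrfToken($token, 'session-abc', $secret, 'sha256', $now + 60),
    'different identity'        => verifyCsrfToken($token, 'session-xyz', $secret, 'sha256', $now + 60),
    'after TTL has elapsed'     => verifyCsrfToken($token, 'session-abc', $secret, 'sha256', $now + 3601),
    'MAC altered'               => verifyCsrfToken($token . '0', 'session-abc', $secret, 'sha256', $now + 60),
];
foreach ($cases as $label => $accepted) {
    echo $label, ': ', $accepted ? 'accepted' : 'rejected', PHP_EOL;
}
```

Because the identity is part of the MAC input, the value returned by `$getIdentity` should be stable for the lifetime of the form and unique per user or session.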
The MIT License (MIT). Please see LICENSE for more information.