zakirullin/csrf-middleware

PSR-15 middleware to handle CSRF-token verification

0.6.2 2019-04-25 09:16 UTC

README

Build Status Scrutinizer PHP from Packagist GitHub commits Software License

PSR-15 middleware to handle CSRF-token verification

Requirements

Installation

This package is installable and autoloadable via Composer as zakirullin/csrf-middleware.

composer require zakirullin/csrf-middleware 

PHP

$getIdentity = function (\Psr\Http\Message\ServerRequestInterface $request) {
    $session = $request->getAttribute('session');
    return $session->get('id');
};

$dispatcher = new Dispatcher([
    ...
    new \Zakirullin\Middlewares\CSRF($getIdentity, 'secret'),
    ...
]);

HTML

<form method="POST" action="/dangerous/action">
    ...
    <input type="hidden" name="csrf" value="<?= $request->getAttribute('csrf') ?>">
    ...
</form>

Options

__construct(
    callable $getIdentity,
    string $secret,
    string $attribute = self::ATTRIBUTE,
    int $ttl = self::TTL,
    string $algorithm = self::ALGORITHM
)

$getIdentity(ServerRequestInterface $request)

A callback that should return a string containing some per-user unique identity. For example - session id.

The MIT License (MIT). Please see LICENSE for more information.