zakirullin/csrf-middleware


A PSR-15 middleware that automates the CSRF-token verification process.

Requirements

Installation

This package is installable and autoloadable via Composer as zakirullin/csrf-middleware.

composer require zakirullin/csrf-middleware 

PHP

$getIdentity = function (\Psr\Http\Message\ServerRequestInterface $request) {
    $session = $request->getAttribute('session');
    return $session->get('id');
};

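$dispatcher = new Dispatcher([
    // ... middleware that must run first (e.g. the one that sets the 'session' attribute)
    // 'secret' is a placeholder value for the $secret argument
    new \Zakirullin\Middlewares\CSRF($getIdentity, 'secret'),
    // ... remaining middleware
]);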

HTML

<form method="POST" action="/dangerous/action">
    ...
    <input type="hidden" name="csrf" value="<?= $request->getAttribute('csrf') ?>">
    ...
</form>

Options

__construct(
    callable $getIdentity,
    string $secret,
    string $attribute = self::ATTRIBUTE,
    int $ttl = self::TTL,
    string $algorithm = self::ALGORITHM
)

$getIdentity(ServerRequestInterface $request)

A callback that should return a string containing a per-user unique identity, for example the session ID.
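
The constructor options above (a per-user identity, a secret, a TTL and a hash algorithm) are the inputs of a stateless, HMAC-signed CSRF token. The following is an added example, not code from this package: the `expiry:mac` token layout and the function names `issueCsrfToken` and `verifyCsrfToken` are assumptions made for illustration, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Illustration only: the "expiry:hex-hmac" layout is an assumption,
// not the format zakirullin/csrf-middleware actually emits.

function issueCsrfToken(string $identity, string $secret, int $ttl, string $algorithm, ?int $now = null): string
{
    $expiresAt = ($now ?? time()) + $ttl;
    // Bind the MAC to both the user identity and the expiry time.
    $mac = hash_hmac($algorithm, $identity . '|' . $expiresAt, $secret);
    return $expiresAt . ':' . $mac;
}

function verifyCsrfToken(string $token, string $identity, string $secret, string $algorithm, ?int $now = null): bool
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    [$expiresAt, $mac] = $parts;
    $expected = hash_hmac($algorithm, $identity . '|' . $expiresAt, $secret);
    // Check the MAC in constant time before trusting the expiry field.
    if (!hash_equals($expected, $mac)) {
        return false;
    }
    return (int) $expiresAt >= ($now ?? time());
}

// Constructed sample values; a real secret belongs in configuration, not in source.
$secret = 'constructed-sample-secret';
$token  = issueCsrfToken('session-abc', $secret, 3600, 'sha256', 1700000000);

// Same identity, inside the TTL.
var_dump(verifyCsrfToken($token, 'session-abc', $secret, 'sha256', 1700000100));
// Token replayed under a different identity.
var_dump(verifyCsrfToken($token, 'session-xyz', $secret, 'sha256', 1700000100));
// Same identity, one second after expiry.
var_dump(verifyCsrfToken($token, 'session-abc', $secret, 'sha256', 1700003601));
```

Because the identity is part of the MAC input, a token issued for one session fails verification under any other, which is why `$getIdentity` has to return a value unique to each user.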


The MIT License (MIT). Please see LICENSE for more information.