grafikart/psr15-csrf-middleware

A PSR-15 compatible middleware to prevent CSRF

PSR-15 Middleware

, _(*1)

This middleware checks every POST, PATCH, PUT and DELETE requests for a CSRF token. Tokens are persisted using an ArrayAccess compatible Session and are generated on demand., _(*2)

Installation

composer require grafikart/psr15-csrf-middleware

How to use it

$middleware = new CsrfMiddleware($_SESSION, 200);
$app->pipe($middleware);

// Generate input
$input = "<input type=\"hidden\" name=\"{$middleware->getFormKey()}\" value=\"{$middleware->generateToken()}\"/>

Middleware is constructed with these parameters:, _(*3)

• session, ArrayAccess|array, used to store tokens
• limit, int, limits the amount of tokens the session is allowed to persist
• sessionKey, string
• formKey, string