pkj/minibase-plugin-csrfprotection

Plugin that enabled CSRF Protection by default for Minibase framework apps.

, _(*1)

CSRF Protection Plugin

CSRF Protection plugin for Minibase applications., _(*2)

Handle evil CSRF attacks for all your routes except GET., _(*3)

Install

{
  "require":{
         "pkj/minibase-plugin-csrfprotection": "dev-master"
    }
}

Usage

Add the plugin to your app., _(*4)

$mb->initPlugins(array('Pkj\Minibase\Plugin\Csrf\CsrfPlugin' => null));

Echo $csrfTokenInput in the forms that does post requests. Note, also $csrfToken is available, it contains only the token., _(*5)

You are now safe for CSRF protection., _(*6)

Configuration array:

• store: cookie or session. Note SESSION must be started if session is used. I recommend using cookie.
• token_name: the name of the token. Default is "csrfToken".

Events

You may customize the error exception if a token is invalid by adding event handler., _(*7)

$mb->events->on("csrf:invalid", function ($request) {
    return function () {
        return $this->respond("html")->view("csrfinvalid.html.php");
    };
});

Annotations

First, use the class . use Pkj\Minibase\Plugin\Csrf\Annotation\IgnoreCsrfProtection., _(*8)

@IgnoreCsrfProtection

Can be applied to controllers or a controller method. Useful for RESTful API's. (JSON API). In such where we do not need to check for CSRF protection., _(*9)