 

library csrf

Simple CSRF protection


uwdoem/csrf


  • Friday, February 12, 2016
  • by JASchilz
  • Repository
  • 1 Watchers
  • 0 Stars
  • 935 Installations
  • PHP
  • 1 Dependents
  • 0 Suggesters
  • 0 Forks
  • 1 Open issues
  • 7 Versions
  • 0 % Grown

The README.md


Athens/CSRF

Easily protect against CSRF attacks.

Installation

This library is published on packagist. To install using Composer, add the "athens/csrf": "0.1.*" line to your "require" dependencies:

{
    "require": {
        ...
        "athens/csrf": "1.*",
        ...
    }
}

Of course, if you're not using Composer then you can download the repository using the Download ZIP button at right.

Use

Using this package requires only two lines:

    // Import the CSRF class
    use Athens\CSRF\CSRF;

    // Initialize
    CSRF::init();

The method ::init() will automatically insert a hidden CSRF token field into your forms:

    <!--output html-->
    ...
    <form>
        <input type=hidden name=csrf_token value=37328bc2cac3e73623bc38ab0f4068ee7fa1>
    ...

This token will be included automatically in any of your form submissions.

In case you perform form submission via AJAX, ::init() also inserts a CSRFTOKEN variable into your JavaScript:

    <!--output html-->
    ...
    <head>
        <script>var CSRFTOKEN = '37328bc2cac3e73623bc38ab0f4068ee7fa1';</script>
    ...

This token will not automatically be included in your AJAX requests, but you may include it manually by referring to the CSRFTOKEN var in your submission script.
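One way to include the token manually, shown as an added example that is not part of Athens/CSRF. It assumes the server checks the same `csrf_token` POST field that the hidden form input uses; the helper names `withCsrfToken` and `csrfFetch` are hypothetical.

```javascript
// Added example, not library code. Assumption: AJAX posts are validated
// against the POST field "csrf_token", like the hidden form input.
const UNSAFE_METHODS = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Build fetch() arguments with the token attached. Kept pure so it can be
// checked outside a browser; pageOrigin is location.origin in the page.
// init.body may be an object of fields, a query string or URLSearchParams.
function withCsrfToken(url, init, token, pageOrigin) {
  const method = (init.method || 'GET').toUpperCase();
  const target = new URL(url, pageOrigin);
  const out = { ...init, method };

  // Do not send the token to another origin, and keep it off safe methods,
  // where it would serve no purpose.
  if (!UNSAFE_METHODS.has(method) || target.origin !== pageOrigin) {
    return { url: target.href, init: out };
  }
  if (typeof token !== 'string' || token === '') {
    throw new Error('CSRF token missing: was CSRF::init() run for this page?');
  }

  // Copy the caller's fields, then set csrf_token last so a stale or
  // caller-supplied value cannot shadow the page's token.
  const body = new URLSearchParams(init.body || {});
  body.set('csrf_token', token);
  out.body = body;
  out.credentials = 'same-origin'; // send the session cookie only to our origin
  return { url: target.href, init: out };
}

// Browser wrapper: reads the CSRFTOKEN var that ::init() put in <head>.
function csrfFetch(url, init = {}) {
  const req = withCsrfToken(url, init, globalThis.CSRFTOKEN,
                            globalThis.location.origin);
  return fetch(req.url, req.init);
}
```

A call such as `csrfFetch('/save', { method: 'POST', body: { name: 'x' } })` then submits the token alongside the form fields.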

Compatibility

  • PHP 5.5, 5.6, 7.0

Todo

See GitHub issue tracker.

Getting Involved

Feel free to open pull requests or issues. GitHub is the canonical location of this project.

Here's the general sequence of events for code contribution:

  1. Open an issue in the issue tracker.
  2. In any order:
    • Submit a pull request with a failing test that demonstrates the issue/feature.
    • Get acknowledgement/concurrence.
  3. Revise your pull request to pass the test in (2). Include documentation, if appropriate.

The Versions