zoxta/csrf

A quick and easy stateless CSRF protection for forms.

Quick CSRF

, _(*1)

Quick CSRF offers stateless CSRF protection for forms that requires almost zero-configuration. It uses the JSON Web Token standard so it does not depend on session/cookies., _(*2)

Quick CSRF depends on the beautiful lcobucci/jwt JWT implementation., _(*3)

Installation

Edit your project's composer.json to require zoxta/csrf., _(*4)

"require": {
    "zoxta/csrf": "dev-master"
}

Then run composer update, _(*5)

Usage

Just instantiate the class and you will be ready to go. You will also find an sample usage in the example directory., _(*6)

isInvalid()) {

        # return an error if CSRF token is invalid/expired
        echo '
Invalid token, stop.
';

    } else {

        echo '
Valid token, process form.
';

    }

    exit;
}

````
You can also just use the `isValid()` method immediately without any other requirements.

````php
if ($CsrfToken->isValid()) {

    # process the form request
    echo '
Valid token, process form.
';
    exit;

}
````

To echo the CSRFT token in your forms, you have two simple ways. You can either echo the token itself:

````html



Or you can echo the whole input field for simplicity using $CsrfToken->field() as the following:, (*7)

TODO

• Ability to edit default JWT options.
• Ability to support sending tokens via GET requests or request header.