Download the PHP package dneustadt/csrf-cookie-bundle without Composer
On this page you can find all versions of the php package dneustadt/csrf-cookie-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Information about the package csrf-cookie-bundle
CSRF Cookie Bundle
This Symfony bundle provides Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications requesting endpoints provided by Symfony through XHR.
Heavily influenced and inspired by DunglasAngularCsrfBundle
Requirements
- Symfony >= 5.x
Working method
To store the CSRF token client-side, a cookie containing the token can be set by one or more predetermined routes. The bundle is pre-configured so that modern client-side HTTP clients such as Axios automatically pick up that cookie. On subsequent requests to Symfony, the CSRF token can then be added to an HTTP header to be validated server-side. Again, some clients, e.g. Axios, may already do so automatically.
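The cookie-to-header flow described above, as an added example that is not code from the bundle. It assumes the server keeps one token per session and compares the header against it; the function names and the session store are hypothetical, and the cookie and header names are the Axios defaults.

```javascript
// Added illustration; function names and the session store are hypothetical.
const { randomBytes, timingSafeEqual } = require("node:crypto");

const COOKIE = "XSRF-TOKEN";   // Axios default xsrfCookieName
const HEADER = "x-xsrf-token"; // Axios default xsrfHeaderName, lower-cased
const sessions = new Map();    // sessionId -> token, stand-in for server-side storage

// Token-providing route: mint a token and hand it to the client as a cookie.
// The cookie cannot be HttpOnly, because client-side script has to read it.
function issueToken(sessionId) {
  const token = randomBytes(32).toString("base64url");
  sessions.set(sessionId, token);
  return `${COOKIE}=${token}; Path=/; SameSite=Lax`;
}

// Client side: copy the cookie value into a request header, as an XHR client
// does before sending. Only script running on the site's origin can read it.
function headersFromCookie(cookieString) {
  for (const part of cookieString.split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === COOKIE) return { [HEADER]: decodeURIComponent(rest.join("=")) };
  }
  return {};
}

// Token-secured route: allow only if the header matches the session's token.
function isRequestAllowed(sessionId, headers) {
  const expected = sessions.get(sessionId);
  const presented = headers[HEADER];
  if (typeof expected !== "string" || typeof presented !== "string") return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(presented);
  // timingSafeEqual throws on unequal lengths, so check length first.
  return a.length === b.length && timingSafeEqual(a, b);
}

// Constructed walk-through of three requests against the same session.
function demo() {
  const browserCookie = issueToken("sess-1").split(";")[0];
  return {
    // XHR from the site's own script: header carries the token.
    sameOrigin: isRequestAllowed("sess-1", headersFromCookie(browserCookie)),
    // Cross-site request: the browser attaches cookies, but no custom header.
    forged: isRequestAllowed("sess-1", {}),
    // Header present but wrong value.
    guessed: isRequestAllowed("sess-1", { [HEADER]: "A".repeat(43) }),
  };
}
```

The check depends on the header, not the cookie: a request that carries the session cookie but lacks a matching header is rejected.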
Installation
Use Composer to install this bundle:
General Configuration
Routes Configurations
Routes can be set up to either provide (create) a token, be secured by (require) a token or both.
Since the defaults of a single route or a route collection are used to configure the behaviour, this can be done either through configuration files or through annotations.
For more information on conditions see ExpressionLanguage
As annotation:
Symfony Form Component
The built-in CSRF protection of forms is automatically disabled for routes that are configured to be secured by the token stored in the HTTP header, provided that token can be successfully validated.
All versions of csrf-cookie-bundle with dependencies
symfony/config Version ^5.0|^6.0
symfony/dependency-injection Version ^5.0|^6.0
symfony/http-foundation Version ^5.0|^6.0
symfony/http-kernel Version ^5.0|^6.0
symfony/security-csrf Version ^5.0|^6.0