Download the PHP package dunglas/angular-csrf-bundle without Composer

On this page you can find all versions of the php package dunglas/angular-csrf-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, include the autoloader once with require_once('vendor/autoload.php'); and then import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. If a package comes from a private repository, use the auth.json textarea to insert the credentials. You can look here for more information.

  • Some hosting environments are not accessible by terminal or SSH, so it is not possible to use Composer there.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package angular-csrf-bundle

JavaScript CSRF Protection Bundle

Archived! Now that all modern browsers implement SameSite cookies and the Origin HTTP header, this bundle is, in most cases, not necessary anymore. Learn how to protect your Symfony APIs from CSRF attacks. If you need to maintain old applications, take a look at DneustadtCsrfCookieBundle.

This API Platform and Symfony bundle provides automatic Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications.

Despite the name, it works with any client-side technology including Angular, React, Vue.js and jQuery. Actually, any JavaScript code issuing XMLHttpRequest or using the Fetch API can leverage this bundle.


How it Works

Thanks to this bundle, the server-side application (the Symfony app) will automatically set a cookie named XSRF-Token containing a unique token during the first HTTP response sent to the browser. Subsequent asynchronous requests made by the JavaScript app with xhr or fetch send back the value of the cookie in a special HTTP header named X-XSRF-Token.

To prevent CSRF attacks, the bundle checks that the header's value matches the cookie's value. This way, it is able to detect and block CSRF attacks.

AngularJS (v1)'s ng.$http service has built-in support for this CSRF protection system. If you use another framework or HTTP client (such as Axios), you just need to read the cookie value and add the HTTP header containing it yourself.
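The cookie-to-header round trip described above, as an added example that is not code from the bundle or its author. The function names and the sample token are constructed for illustration, and isRequestAllowed is a simplified model of the header-equals-cookie check, not the bundle's PHP listener.

```javascript
// Added example; function names are hypothetical, not the bundle's API.
const COOKIE_NAME = 'XSRF-Token';   // cookie name stated on this page
const HEADER_NAME = 'X-XSRF-Token'; // header name stated on this page

// Extract one cookie value from a "k=v; k2=v2" string (document.cookie format).
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Client side: copy the cookie value into the request header.
// Browser usage: fetch('/api/items', withXsrfHeader({ method: 'POST' }, document.cookie))
// ('/api/items' is a placeholder URL).
function withXsrfHeader(init, cookieString) {
  const token = readCookie(cookieString, COOKIE_NAME);
  const headers = { ...(init.headers || {}) };
  if (token !== null) headers[HEADER_NAME] = token;
  return { ...init, headers };
}

// Compare two tokens without returning early at the first differing character.
function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  if (a.length === 0 || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server-side model of the header-equals-cookie check (not the bundle's PHP code).
function isRequestAllowed(req) {
  const cookieToken = readCookie(req.headers.cookie || '', COOKIE_NAME);
  return sameToken(cookieToken, req.headers[HEADER_NAME.toLowerCase()]);
}

// Constructed sample data: the browser attaches the cookie to both requests,
// but only script running on the site itself can read it and echo it in the header.
const sampleCookies = 'theme=dark; XSRF-Token=constructed-token-123';
const sent = withXsrfHeader({ method: 'POST' }, sampleCookies);
const legitimate = { headers: { cookie: sampleCookies, 'x-xsrf-token': sent.headers[HEADER_NAME] } };
const forged = { headers: { cookie: sampleCookies } };
console.log(isRequestAllowed(legitimate), isRequestAllowed(forged));
```

The forged request carries the cookie but no matching header, so the check rejects it; a missing cookie or an empty header is rejected the same way.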

This bundle provides a Symfony Event Listener that sets the cookie and another one that checks the HTTP header to block CSRF attacks.

Thanks to DunglasAngularCsrfBundle, you get CSRF security without modifying your code base.

This bundle works fine with both API Platform and FOSRestBundle.

Installation

Use Composer to install this bundle:

composer require dunglas/angular-csrf-bundle

If you use Symfony Flex, you're done.

Otherwise add the bundle in your application kernel:

Configure URLs where the cookie must be set and that must be protected against CSRF attacks:

Your app is now secured.

Examples

Full Configuration

Integration with the Symfony Form Component

When using the Symfony Form Component together with DunglasAngularCsrfBundle, the bundle will automatically disable the built-in form CSRF protection only if the CSRF token provided by the header is valid.

If no CSRF header is found or if the token is invalid, the form CSRF protection will not be disabled by the bundle.

If you want your form to be validated only by the form component system, make sure to remove its URL from the config.

Credits

This bundle has been created by Kévin Dunglas.


All versions of angular-csrf-bundle with dependencies

Requires:
  • php: >=7.0
  • symfony/config: ^3.4 || ^4.0
  • symfony/dependency-injection: ^3.4 || ^4.0
  • symfony/http-foundation: ^3.4 || ^4.0
  • symfony/http-kernel: ^3.4 || ^4.0
  • symfony/security-csrf: ^3.4 || ^4.0
