Download the PHP package inventor96/mako-csrf without Composer
Package: mako-csrf
Short Description: A middleware wrapper around Mako's session tokens as an anti-CSRF mechanism.
License: MIT
Information about the package mako-csrf
Mako CSRF
A middleware wrapper around Mako's session tokens as an anti-CSRF mechanism.
Installation
- Install the composer package:
- Enable the package in Mako, in app/config/application.php:
- Register the middleware, in app/http/routing/middleware.php:

It's also recommended you set a priority lower than the Mako default of 100, in app/http/routing/middleware.php:

At a bare minimum, it should be processed before any other middleware that might cause a change in application.
Configuration
The default configuration works out of the box, but you may want to change these values for the sake of obfuscation. If you would like to override the default configuration, create a new file at app/config/packages/csrf/csrf.php.
The configuration items and their defaults are as follows:
Usage
Middleware
The middleware will automatically require a valid CSRF token for any state-changing HTTP verb (e.g. POST, DELETE, etc.), and act as a pass-thru for others (e.g. GET, HEAD, etc.). To override this in either direction, you'll need to override the configuration on a per-route basis using the $required parameter.
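The verb-based enforcement and per-route override described above, modelled as a framework-free sketch. This is an added example, not the package's code: the function names, the `csrf_field` form field and the safe-verb set (the text above names only GET and HEAD) are assumptions.

```php
<?php
declare(strict_types=1);

// Model of the described behaviour only; NOT the package's implementation.
// csrfRequired(), csrfCheck() and 'csrf_field' are hypothetical names.

// Assumed set of non-state-changing verbs.
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

// $required mirrors the per-route override: null means "decide by HTTP verb".
function csrfRequired(string $method, ?bool $required = null): bool
{
    if ($required !== null) {
        return $required;
    }
    return !in_array(strtoupper($method), SAFE_METHODS, true);
}

// Returns true when the request may proceed.
// $sessionToken is the value stored server-side; $post is the submitted form data.
function csrfCheck(string $method, array $post, ?string $sessionToken,
                   ?bool $required = null, string $field = 'csrf_field'): bool
{
    if (!csrfRequired($method, $required)) {
        return true; // pass-through for verbs that do not require a token
    }
    $submitted = $post[$field] ?? null;
    // Reject missing, empty or non-string (e.g. array-valued) tokens before comparing.
    if (!is_string($submitted) || $submitted === '' || $sessionToken === null || $sessionToken === '') {
        return false;
    }
    return hash_equals($sessionToken, $submitted); // constant-time comparison
}

// Constructed sample requests.
$token = bin2hex(random_bytes(32));
$cases = [
    'GET without token'            => csrfCheck('GET', [], $token),
    'POST with valid token'        => csrfCheck('POST', ['csrf_field' => $token], $token),
    'POST without token'           => csrfCheck('POST', [], $token),
    'POST with array-valued token' => csrfCheck('POST', ['csrf_field' => [$token]], $token),
    'DELETE with wrong token'      => csrfCheck('DELETE', ['csrf_field' => 'wrong'], $token),
    'GET with $required = true'    => csrfCheck('GET', [], $token, true),
    'POST with $required = false'  => csrfCheck('POST', [], $token, false),
];
foreach ($cases as $label => $allowed) {
    printf("%-30s %s\n", $label, $allowed ? 'allowed' : 'rejected');
}
```

Forcing `$required` to false on a state-changing route removes the check entirely, so such routes are worth listing explicitly during review.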
Views
There are two variables made available in views, and both are based on the view_var_name config option. If you change the config option, replace mako_csrf_token with your new value in the following examples:
- $mako_csrf_token: The CSRF token value itself.
- $mako_csrf_token_input: An HTML hidden input element containing the CSRF token with the name attribute set to the form_name config option. This can be used directly in HTML forms.