Download the PHP package ocramius/psr7-csrf without Composer

On this page you can find all versions of the php package ocramius/psr7-csrf. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php');. After that, you have to import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package psr7-csrf

PSR-7 Storage-less HTTP CSRF protection


PSR7Csrf is a PSR-7 middleware that enables CSRF protection for PSR-7 based applications.

DEPRECATED in favor of psr7-sessions/storageless 5.0.0+

Please note that this package is DEPRECATED.

Since psr7-sessions/storageless 5.0.0, the generated cookies are CSRF-resistant by default for unsafe HTTP methods (POST/PUT/DELETE/PATCH/etc.), so the usage of this package is no longer needed. You can still install ocramius/psr7-csrf, but since there is no practical need for it, it is not necessary to do so.

What is this about?

Instead of storing tokens in the session, PSR7Csrf simply uses JWT tokens, which can be verified, signed and have a specific lifetime on their own.

This storage-less approach avoids having to load tokens from a session or from a database, and simplifies the entire UI workflow: tokens are valid as long as their signature and expiration date hold.

Installation

Usage

The simplest usage is based on defaults. It assumes that you have a configured PSR-7 compatible application that supports piping middlewares, and it also requires you to run PSR7Session.

In a zendframework/zend-expressive application, the setup would look like the following:

This setup will require that any requests that are not GET, HEAD or OPTIONS contain a csrf_token in the request body parameters (JSON or URL-encoded).

You can generate the CSRF token for any form as follows:

Examples

Then try accessing http://localhost:9999: you should see a simple submission form.

If you try modifying the submitted CSRF token (which is in a hidden form field), then the POST request will fail.

Known limitations

Please refer to the known limitations of PSR7Session.

Also, this component does NOT prevent double-form-submissions: it merely prevents CSRF attacks from third parties. As long as the CSRF token is valid, it can be reused over multiple requests.
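
The signature-and-expiry check described under "What is this about?" and the token reuse noted above, as an added example that is not code from psr7-csrf: it uses a plain HMAC-signed token instead of the lcobucci/jwt tokens the package depends on, and the function names, token layout and per-session key are assumptions. It accepts the same token repeatedly until it expires and rejects an altered, expired or foreign-key token.

```php
<?php
declare(strict_types=1);

// Added illustration; not the psr7-csrf implementation.
// $sessionKey is an assumed per-session secret; the token layout is hypothetical.

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function issueCsrfToken(string $sessionKey, int $now, int $ttl): string
{
    // The expiry travels inside the token, so nothing is stored server-side.
    $payload = b64url(json_encode(['exp' => $now + $ttl]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $sessionKey, true));
}

function isValidCsrfToken(string $token, string $sessionKey, int $now): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return false;
    }
    [$payload, $signature] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $sessionKey, true));
    // Verify the signature in constant time before trusting the payload.
    if (!hash_equals($expected, $signature)) {
        return false;
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    return is_array($claims) && is_int($claims['exp'] ?? null) && $claims['exp'] > $now;
}

// Constructed sample values.
$key   = random_bytes(32);
$now   = 1700000000;
$token = issueCsrfToken($key, $now, 3600);

var_dump(isValidCsrfToken($token, $key, $now + 10));             // first submission
var_dump(isValidCsrfToken($token, $key, $now + 20));             // same token presented again
var_dump(isValidCsrfToken($token, $key, $now + 3601));           // after the lifetime has passed
var_dump(isValidCsrfToken($token . 'x', $key, $now + 10));       // signature altered
var_dump(isValidCsrfToken($token, random_bytes(32), $now + 10)); // checked against another key
```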

Contributing

Please refer to the contributing notes.

License

This project is made public under the MIT LICENSE.


All versions of psr7-csrf with dependencies

Package and required version:

  • php ^7.1.0
  • psr/http-message ^1.0.1
  • lcobucci/jwt ^3.2.2
  • psr/http-server-handler ^1.0.0
  • psr/http-server-middleware ^1.0.0
  • psr7-sessions/storageless ^4.0.0
