Download the PHP package phputil/csrf without Composer
On this page you can find all versions of the php package phputil/csrf. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Please rate this library. Is it a good library?
Informations about the package csrf
phputil-csrf
🔌 CSRF middleware for phputil/router
Installation
Requires phputil/router v0.2.14+
Usage
With default options
Documentation
Argument $options
(array, default []
) can have the following keys:
disableTokenMasking
(bool, defaultfalse
) indicates if token masking should be disabled.- Note: By default, the randomly-generated token is masked through a XOR operation with a random key and then converted to base64.
disableTokenRenewal
(bool, defaultfalse
) indicates if token renewal should be disabled.tokenLength
(int, default20
) indicates the desired token length. Note that this is the unmasked token length.
Available Strategies
The following classes are available:
CookieBasedCsrfStrategy
: uses cookies to send and receive the CSRF token. That's the default strategy.- Its constructor receives two arguments, both optional:
$strategyOptions
(array, default[]
) that can have:"cookieName"
: the name of the CSRF cookie. By default, it iscsrf_token
.
$cookieOptions
(array, default[]
) that can have the same options as PHP's setcookie().
- Its constructor receives two arguments, both optional:
HeaderBasedCsrfStrategy
: uses HTTP headers to send and receive the CSRF token.- Its constructor receives one argument,
$strategyOptions
(array, default[]
), that is optional and can have:"requestHeaderName"
: expected request header. By default it is"X-CSRF-Token"
."responseHeaderName"
: produced response header. By default it is"CSRF-Token"
.
- Its constructor receives one argument,
Note: You can create your own CSRF strategy by implementing the interface CsrfStrategy
.
Available Storages
The following classes are available:
InSessionCsrfStorage
: uses PHP's$_SESSION
to store the CSRF token in order to compare it later.- Its constructor receives one optional argument,
$sessionKey
(string), which is the key stored in the$_SESSION
variable. By default it iscsrf
.
- Its constructor receives one optional argument,
Note: You can create your own CSRF storage by implementing the interface CsrfStorage
.
License
Thiago Delgado Pinto
All versions of csrf with dependencies
PHP Build Version
Package Version
No informations.
The package phputil/csrf contains the following files
Loading the files please wait ....