Download the PHP package suin/symfony2-csrf-firewall-bundle without Composer
On this page you can find all versions of the php package suin/symfony2-csrf-firewall-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package symfony2-csrf-firewall-bundle
Short Description Cross site request forgery firewall bundle for Symfony2
License MIT License
Homepage https://github.com/suin/symfony2-csrf-firewall-bundle
Information about the package symfony2-csrf-firewall-bundle
Suin\CSRFFirewallBundle for Symfony2
This is a firewall bundle that protects your Symfony2 websites from CSRF (cross-site request forgery) attacks. The bundle works almost automatically, so you don't need to implement CSRF protection for each page.
Features
- All POST-method forms are protected from CSRF (even if you don't use Symfony Form's anti-CSRF)
Requirements
- PHP 5.3 or later
Installation
Add suin/symfony2-csrf-firewall-bundle to your composer.json:
Execute composer to install:
Add Suin\CSRFFirewallBundle\SuinCSRFFirewallBundle to your app/AppKernel.php:
How it works
SuinCSRFFirewallBundle checks the CSRF token on every POST request. If the token is missing or invalid, SuinCSRFFirewallBundle returns a 404 Bad Request response to the client and stops processing before the action executes. (To be exact, this filter runs on the kernel.controller event.)
At response time (to be exact, on the kernel.response event), SuinCSRFFirewallBundle finds all POST-method forms in the response HTML and automatically embeds a CSRF token in each form.
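The two halves described above (check on every POST, embed into every POST form), sketched in plain PHP as an added example that is not the bundle's own code. The function names, the session-stored token and the use of PHP 7+ features are assumptions; only the `__token__` key name comes from this page.

```php
<?php
// Added illustration, not SuinCSRFFirewallBundle code. Function names are
// hypothetical; storing the token in the session is an assumption.
const TOKEN_KEY = '__token__'; // default token key name given on this page

/** Return the session's token, creating it on first use (needs PHP 7+). */
function csrf_token(array &$session): string
{
    if (!isset($session[TOKEN_KEY])) {
        $session[TOKEN_KEY] = bin2hex(random_bytes(32));
    }
    return $session[TOKEN_KEY];
}

/** Request side: every POST must carry the session's token. */
function csrf_check(string $method, array $post, array $session): bool
{
    if (strtoupper($method) !== 'POST') {
        return true; // only POST requests are checked
    }
    $expected = $session[TOKEN_KEY] ?? '';
    $given = $post[TOKEN_KEY] ?? '';
    // Reject a missing token and non-string input such as __token__[]=x.
    if ($expected === '' || !is_string($given)) {
        return false;
    }
    return hash_equals($expected, $given); // constant-time comparison
}

/** Response side: add a hidden token field to every POST form in the HTML. */
function csrf_embed(string $html, string $token): string
{
    $field = sprintf('<input type="hidden" name="%s" value="%s">',
        TOKEN_KEY, htmlspecialchars($token, ENT_QUOTES));
    // Regex rewrite of opening <form> tags; it does not parse the HTML, so
    // forms built by client-side script are not covered.
    $pattern = '/<form\b[^>]*\smethod\s*=\s*["\']?post\b["\']?[^>]*>/i';
    $out = preg_replace_callback($pattern, function (array $m) use ($field) {
        return $m[0] . $field;
    }, $html);
    return $out ?? $html;
}

// Constructed sample input: one POST form and one GET form.
$session = [];
$token = csrf_token($session);
$page = '<form method="post" action="/save"><input name="title"></form>'
      . '<form method="get" action="/search"><input name="q"></form>';
echo csrf_embed($page, $token), "\n";                       // only the POST form gains the field
var_dump(csrf_check('POST', [TOKEN_KEY => $token], $session)); // token present and matching
var_dump(csrf_check('POST', [], $session));                    // token missing
var_dump(csrf_check('POST', [TOKEN_KEY => ['x']], $session));  // token is not a string
```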
Options
How to disable CSRF check at a specific action
Adding the @CSRF(check=false) annotation to a specific action method disables the CSRF check for that action.
How to change token key name
The default token key name is __token__. If you need to change the token key name, edit app/config/parameters.yml and define ``.
License
MIT License, see LICENSE