AthensFramework/CSRF

Athens/CSRF

Easily protect against CSRF attacks.

Installation

This library is published on Packagist. To install using Composer, add the "athens/csrf": "0.1.*" line to your "require" dependencies:

    {
        "require": {
            ...
            "athens/csrf": "1.*",
            ...
        }
    }

Of course, if you're not using Composer then you can download the repository using the Download ZIP button at right.

Use

Using this package requires only two lines:

    // Import the CSRF class
    use Athens\CSRF\CSRF;
    
    // Initialize
    CSRF::init();

The method ::init() will automatically insert a hidden CSRF token field into your forms:

    <!--output html-->
    ...
    <form>
        <input type=hidden name=csrf_token value=37328bc2cac3e73623bc38ab0f4068ee7fa1>
    ...

This token will be included automatically in any of your form submissions.

In case you perform form submission via AJAX, ::init() also inserts a CSRFTOKEN variable into your JavaScript:

    <!--output html-->
    ...
    <head>
        <script>var CSRFTOKEN = '37328bc2cac3e73623bc38ab0f4068ee7fa1';</script>
    ...

This token will not automatically be included in your AJAX requests, but you may include it manually by referring to the CSRFTOKEN var in your submission script.
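
One way to send the token with an AJAX submission, as an added example that is not part of the Athens/CSRF project. It assumes the server checks a POST field named csrf_token, matching the hidden form input shown above; buildCsrfRequest and the /profile path are hypothetical names.

```javascript
// Added example: attach the page's CSRFTOKEN to an AJAX form submission.
// Assumption: the server checks a POST field named "csrf_token", the same
// name as the hidden input that ::init() writes into forms.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Build fetch() arguments. The token is added only to state-changing,
// same-origin requests so it never ends up in a URL or on another site.
function buildCsrfRequest(url, method, fields, token, pageOrigin) {
  const target = new URL(url, pageOrigin);       // resolves relative URLs
  const verb = method.toUpperCase();
  const body = new URLSearchParams(fields);

  const sameOrigin = target.origin === new URL(pageOrigin).origin;
  if (!SAFE_METHODS.has(verb) && sameOrigin) {
    if (typeof token !== 'string' || token === '') {
      throw new Error('CSRF token missing: was CSRF::init() called for this page?');
    }
    body.set('csrf_token', token);               // overrides any caller-supplied value
  } else {
    body.delete('csrf_token');                   // never forward a token elsewhere
  }

  const options = { method: verb, credentials: 'same-origin' };
  if (SAFE_METHODS.has(verb)) {
    // GET/HEAD carry no body; put the fields in the query string instead.
    body.forEach((value, key) => target.searchParams.append(key, value));
  } else {
    options.headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
    options.body = body.toString();
  }
  return { url: target.href, options };
}

// Browser usage (CSRFTOKEN is the variable ::init() places in <head>):
//   const req = buildCsrfRequest('/profile', 'POST', { name: 'Ada' },
//                                CSRFTOKEN, window.location.origin);
//   fetch(req.url, req.options);
```

Keeping the token out of query strings and cross-origin requests prevents it from appearing in server logs, Referer headers, or a third party's request data.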

Compatibility

  • PHP 5.5, 5.6, 7.0

Todo

See GitHub issue tracker.

Getting Involved

Feel free to open pull requests or issues. GitHub is the canonical location of this project.

Here's the general sequence of events for code contribution:

  1. Open an issue in the issue tracker.
  2. In any order:
       • Submit a pull request with a failing test that demonstrates the issue/feature.
       • Get acknowledgement/concurrence.
  3. Revise your pull request to pass the test in (2). Include documentation, if appropriate.