FyreCSRF is a free, open-source CSRF protection library for PHP.
Using Composer
composer require fyre/csrf
In PHP:
use Fyre\Security\CsrfProtection;

$csrfProtection = new CsrfProtection($container, $config);

Default configuration options will be resolved from the "Csrf" key in the Config.

- $options is an array containing the configuration options.
  - cookie is an array containing CSRF cookie options.
    - name is a string representing the cookie name, and will default to "CsrfToken".
    - expires is a number representing the cookie lifetime, and will default to 0.
    - domain is a string representing the cookie domain, and will default to "".
    - path is a string representing the cookie path, and will default to "/".
    - secure is a boolean indicating whether to set a secure cookie, and will default to true.
    - httpOnly is a boolean indicating whether the cookie should be HTTP only, and will default to false.
    - sameSite is a string representing the cookie same site, and will default to "Lax".
  - salt is a string representing the CSRF session key, and will default to "_csrfToken".
  - field is a string representing the CSRF token field name, and will default to "csrf_token".
  - header is a string representing the CSRF token header name, and will default to "Csrf-Token".
  - skipCheck is a Closure that accepts a ServerRequest as the first argument.

$container->use(Config::class)->set('Csrf', $options);

Autoloading
It is recommended to bind the CsrfProtection to the Container as a singleton.
$container->singleton(CsrfProtection::class);

Any dependencies will be injected automatically when loading from the Container.

$csrfProtection = $container->use(CsrfProtection::class);

Before Response
Update the ClientResponse before sending it to the client.

$response = $csrfProtection->beforeResponse($request, $response);

Check Token
Check CSRF token.
- $request is the ServerRequest.

$csrfProtection->checkToken($request);

Get Cookie Token
Get the CSRF cookie token.
$cookieToken = $csrfProtection->getCookieToken();

Get Field
Get the CSRF token field name.
$field = $csrfProtection->getField();

Get Form Token
Get the CSRF form token.
$formToken = $csrfProtection->getFormToken();

Get Header
Get the CSRF token header name.
$header = $csrfProtection->getHeader();

use Fyre\Security\Middleware\CsrfProtectionMiddleware;

- $csrfProtection is a CsrfProtection.

$middleware = new CsrfProtectionMiddleware($csrfProtection);

Any dependencies will be injected automatically when loading from the Container.

$middleware = $container->build(CsrfProtectionMiddleware::class);

Handle
Handle a ServerRequest.
- $request is a ServerRequest.
- $next is a Closure.

$response = $middleware->handle($request, $next);

This method will return a ClientResponse.
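
How the field name, form token and header name returned by the accessors above fit into a rendered page, as an added example that is not part of the FyreCSRF project. The helper function names, the form action and the meta tag names are hypothetical, and getField(), getFormToken() and getHeader() are assumed to return strings.

```php
<?php
// Added example, not FyreCSRF project code.
declare(strict_types=1);

use Fyre\Security\CsrfProtection;

/** Escape a value for use inside a double-quoted HTML attribute. */
function csrfAttr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical helper: hidden input carrying the form token for a POST form. */
function csrfHiddenInput(CsrfProtection $csrf): string
{
    // The field name comes from configuration, so it is escaped as well.
    return '<input type="hidden" name="'.csrfAttr($csrf->getField()).'"'.
        ' value="'.csrfAttr($csrf->getFormToken()).'">';
}

/**
 * Hypothetical helper: meta tags that page script can read in order to send
 * the token in the configured request header on XHR/fetch calls.
 * The meta names "csrf-header" and "csrf-token" are made up for this example.
 */
function csrfMetaTags(CsrfProtection $csrf): string
{
    return '<meta name="csrf-header" content="'.csrfAttr($csrf->getHeader()).'">'."\n".
        '<meta name="csrf-token" content="'.csrfAttr($csrf->getFormToken()).'">';
}

/** Hypothetical view function: a state-changing form with the token embedded. */
function renderProfileForm(CsrfProtection $csrf): string
{
    return "<!doctype html>\n<html>\n<head>\n".csrfMetaTags($csrf)."\n</head>\n<body>\n".
        '<form method="post" action="/profile">'."\n".
        csrfHiddenInput($csrf)."\n".
        '<input type="text" name="display_name">'."\n".
        '<button type="submit">Save</button>'."\n".
        "</form>\n</body>\n</html>\n";
}

// In an application, $csrf would be the singleton resolved from the Container:
//   $csrf = $container->use(CsrfProtection::class);
//   $body = renderProfileForm($csrf);
// The response is then passed through beforeResponse() (or the middleware)
// before it is sent.
```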