
mebjas/CSRF-Protector-PHP

CSRF Protector

CSRF Protector PHP is a standalone PHP library for CSRF mitigation in web applications. It is easy to integrate into any PHP web app.

Add to your project using packagist

Add a composer.json file to your project directory

{
   "require": {
       "owasp/csrf-protector-php": "dev-master"
   }
}

Then open a terminal (or command prompt), move to the project directory and run:

composer install
# Or alternatively
php composer.phar install

This adds CSRFP to your project directory (the library is downloaded to ./vendor/owasp/csrf-protector-php). See packagist.org for more help with Composer.

Configuration

  • For composer installations: copy the config.sample.php file into your root folder at config/csrf_config.php
  • For non-composer installations: copy the libs/csrf/config.sample.php file into libs/csrf/config.php
  • Edit the config accordingly. See the Detailed Information link below.

Link to wiki - Editing Configurations & Mandatory requirements before using this library

How to use

<?php
include_once __DIR__ .'/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php';

// Initialise CSRFProtector library
csrfProtector::init();

Simply include the library and call the init() function!
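
To show what a per-request CSRF check of this kind involves, including the expired-token case the FAQ refers to, here is an added illustration. It is not CSRFProtector's own code: the function names, the 30-minute lifetime and the sample requests are constructed for the example, and the session is modelled as a plain array so the script runs from the PHP command line.

```php
<?php
// Added illustration, not CSRFProtector's source: a minimal session-bound
// CSRF token check. All names and the TTL below are hypothetical.

const TOKEN_TTL = 1800; // assumed token lifetime in seconds

// Issue a random token and remember it (with its issue time) in the session.
function issueToken(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $session['csrf'] = ['value' => $token, 'issued' => $now];
    return $token;
}

// Safe methods pass; a state-changing request with a missing, expired or
// mismatched token is rejected.
function isRequestAllowed(array $session, string $method, ?string $submitted, int $now): bool
{
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    $stored = $session['csrf'] ?? null;
    if ($stored === null || !is_string($submitted) || $submitted === '') {
        return false;
    }
    if ($now - $stored['issued'] > TOKEN_TTL) {
        return false; // expired: the client needs a fresh token
    }
    return hash_equals($stored['value'], $submitted); // constant-time compare
}

// Constructed sample requests (no real traffic).
$session = [];
$t0 = 1700000000;
$token = issueToken($session, $t0);

$cases = [
    'form post with token'    => ['POST', $token, $t0 + 60],
    'post without token'      => ['POST', null, $t0 + 60],
    'post with wrong token'   => ['POST', str_repeat('0', 64), $t0 + 60],
    'token used after expiry' => ['POST', $token, $t0 + TOKEN_TTL + 1],
    'plain GET'               => ['GET', null, $t0 + 60],
];
foreach ($cases as $label => [$method, $submitted, $now]) {
    $ok = isRequestAllowed($session, $method, $submitted, $now);
    printf("%-26s %s\n", $label, $ok ? 'allowed' : 'rejected');
}
```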

More information

Discussions

Join Discussions at Google Group \ OWASP \ CSRF Protector

For any other queries contact me at: minhazav@gamil.com | minhaz@owasp.org

How to contribute?

General steps

  • Fork the repo
  • Create your branch
  • Commit your changes
  • Create a pull request

More?

Well, there are various ways to contribute to this project. Find a few of them listed below:

  • Found a bug? Raise it on the issue page. Please make sure it's not a duplicate of an existing issue.
  • Have a feature request? Raise one on the issue page. As above, please check first that the enhancement has not already been requested there.
  • Want to contribute code to this project?
    • The best way to start is by picking up one of the existing issues with the Up For Grab label.
    • Leave a comment saying that you intend to help with it, then fork the repo, and then send a pull request to the master branch.

FAQ:

  1. What happens if token expires? - https://github.com/mebjas/CSRF-Protector-PHP/wiki/what-if-token-expires
  2. Secure flag in a cookie? - #54
  3. [Deprecated] NoJS support? - https://github.com/mebjas/CSRF-Protector-PHP/tree/nojs-support