Skip to content
CSRF Protector library: standalone library for CSRF mitigation
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs documentation added Aug 10, 2014
libs documentation corrected Mar 17, 2018
log Config for cookie expire, logDirectory and jsUrl Feb 9, 2018
test some fixes to random mistake Mar 17, 2018
.coveralls.yml updated config for travis and coveralls for code coverage Mar 29, 2017
.travis.yml travis yaml for build failure fixes, from master Oct 5, 2017
composer.json added license and updated composer file Feb 15, 2015

CSRF Protector

Todo Status Build Status codecov
CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.

Add to your project using packagist

Add a composer.json file to your project directory

   "require": {
       "owasp/csrf-protector-php": "dev-master"

Then open terminal (or command prompt), move to project directory and run

composer install


php composer.phar install

This will add CSRFP (library will be downloaded at ./vendor/owasp/csrf-protector-php) to your project directory. View for more help with composer!


For composer installations: Copy the config.sample.php file into your root folder at config/csrf_config.php For non-composer installations: Copy the libs/csrf/config.sample.php file into libs/csrf/config.php Edit config accordingly. See Detailed Information link below.

Link to wiki - Editing Configurations & Mandatory requirements before using this library

How to use

include_once __DIR__ .'/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php';

//Initialise CSRFGuard library

simply include the library and call the init() function!

Detailed information @Project wiki on github

More information @OWASP wiki


  • Fork the repo
  • Create your branch
  • Commit your changes
  • Create a pull request


This version (master) requires the clients to have Javascript enabled. However if your application can work without javascript & you require a nojs version of this library, check our nojs version


Join Discussions at Google Group \ OWASP \ CSRF Protector

Join Discussions on the mailing list

For any other queries contact me at:

How to contribute?

Well, there are various ways to contribute to this project. Find few of them listed below:

  • Found a bug? Raise a bug in the issue page. Please make sure it's not a duplicate of an existing issue.
  • Have a feature request? Raise one at the issue page. As mentioned above please do a basic check if this enhancement exist in mentioned link.
  • Want to contribute code to this project?
    • Best way to start is by picking up one of the issues with Up For Grab label. Leave a comment, that you intend to help on this > fork > send a pull request to master branch.


  1. What happens if token expires? -
  2. Secure flag in cookie? -
  3. NoJS support? -
You can’t perform that action at this time.