Skip to content

osynapsy/csrf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
src
src
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

Osynapsy CSRF Protection

A lightweight and simple CSRF protection package for Osynapsy forms and actions.
Provides a stateless, HMAC-based token system to secure sensitive POST operations.

Features

  • Generate CSRF tokens (nonce + token) for forms.
  • Easy integration with Osynapsy Form components.
  • Optional check in actions extending AbstractAction.
  • Minimal and explicit: only enable CSRF where necessary.
  • No session overhead, fully stateless.

Installation

Install via Composer:

composer require osynapsy/csrf

Usage

Adding CSRF fields to a form

use Osynapsy\Csrf\FormCsrf;

$form = new \MyProject\Form\UserEditForm();
\FormCsrf::apply($form, $_ENV['CSRF_SECRET']);

This will add two hidden fields to your form:

  • csrf_nonce
  • csrf_token

Checking CSRF in an action

Extend your action from Osynapsy\Csrf\Action\AbstractAction:

public function execute()
{
    $this->checkCsrf(); // Validates the CSRF token and nonce

    // Your action logic here
}

The check will throw an exception if the CSRF token is missing or invalid.

Security Notes

Only enable CSRF on forms that perform sensitive POST operations. Use HTTPS and set secure cookies for sessions. Keep SECRET_KEY secret and unique per project. The package is stateless, so no server-side session storage is required.

Classes

Osynapsy\Csrf\Token – Generates and verifies CSRF tokens. Osynapsy\Csrf\FormCsrf – Helper to apply CSRF fields to a form. Osynapsy\Csrf\Action\AbstractAction – Base action with checkCsrf() method.

License

MIT licence

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages