diff --git a/docs/classes/Phpolar-CsrfProtection-Http-CsrfRequestCheckMiddleware.html b/docs/classes/Phpolar-CsrfProtection-Http-CsrfRequestCheckMiddleware.html
index 26f5be8..e1185d1 100644
--- a/docs/classes/Phpolar-CsrfProtection-Http-CsrfRequestCheckMiddleware.html
+++ b/docs/classes/Phpolar-CsrfProtection-Http-CsrfRequestCheckMiddleware.html
@@ -127,7 +127,7 @@
-
Adds support for CSRF attack mitigation
+ Takes care of request validation logic for CSRF attack mitigation
@@ -167,7 +167,8 @@
: ResponseInterface
-Provide protection against CSRF attack.
+Produces a response for an invalid request or
+delegates request handling to the provided handler.
@@ -239,19 +240,21 @@
Provide protection against CSRF attack.
+ Produces a response for an invalid request or
+delegates request handling to the provided handler.
public
process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
- If the request fails the check,
-the provided request handler will be used
-to create the request.
+ if the request fails the check,
+this middleware will return a canned response
+with a response that is either Method Not Allowed,
+Bad Request or Forbidden.
Parameters
diff --git a/docs/classes/Phpolar-CsrfProtection-Http-CsrfResponseFilterMiddleware.html b/docs/classes/Phpolar-CsrfProtection-Http-CsrfResponseFilterMiddleware.html
index f31a722..d8634ec 100644
--- a/docs/classes/Phpolar-CsrfProtection-Http-CsrfResponseFilterMiddleware.html
+++ b/docs/classes/Phpolar-CsrfProtection-Http-CsrfResponseFilterMiddleware.html
@@ -169,7 +169,9 @@
: ResponseInterface
-Provide protection against CSRF attack.
+Stores a *request validation token* in
+server state and attaches the token to the
+response.
@@ -257,19 +259,20 @@
Provide protection against CSRF attack.
+ Stores a *request validation token* in
+server state and attaches the token to the
+response.
public
process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
- If the request fails the check,
-the provided request handler will be used
-to create the request.
+ The stored token SHOULD then be used to validate
+futher requests.
Parameters
diff --git a/docs/files/http-csrfrequestcheckmiddleware.html b/docs/files/http-csrfrequestcheckmiddleware.html
index 6a35a6c..9d66120 100644
--- a/docs/files/http-csrfrequestcheckmiddleware.html
+++ b/docs/files/http-csrfrequestcheckmiddleware.html
@@ -117,7 +117,7 @@
- CsrfRequestCheckMiddleware
- - Adds support for CSRF attack mitigation
+ - Takes care of request validation logic for CSRF attack mitigation
diff --git a/docs/js/searchIndex.js b/docs/js/searchIndex.js
index 404f786..c66bc7b 100644
--- a/docs/js/searchIndex.js
+++ b/docs/js/searchIndex.js
@@ -103,7 +103,7 @@ Search.appendIndex(
}, {
"fqsen": "\\Phpolar\\CsrfProtection\\Http\\CsrfRequestCheckMiddleware",
"name": "CsrfRequestCheckMiddleware",
- "summary": "Adds\u0020support\u0020for\u0020CSRF\u0020attack\u0020mitigation",
+ "summary": "Takes\u0020care\u0020of\u0020request\u0020validation\u0020logic\u0020for\u0020CSRF\u0020attack\u0020mitigation",
"url": "classes/Phpolar-CsrfProtection-Http-CsrfRequestCheckMiddleware.html"
}, {
"fqsen": "\\Phpolar\\CsrfProtection\\Http\\CsrfRequestCheckMiddleware\u003A\u003A__construct\u0028\u0029",
@@ -113,7 +113,7 @@ Search.appendIndex(
}, {
"fqsen": "\\Phpolar\\CsrfProtection\\Http\\CsrfRequestCheckMiddleware\u003A\u003Aprocess\u0028\u0029",
"name": "process",
- "summary": "Provide\u0020protection\u0020against\u0020CSRF\u0020attack.",
+ "summary": "Produces\u0020a\u0020response\u0020for\u0020an\u0020invalid\u0020request\u0020or\ndelegates\u0020request\u0020handling\u0020to\u0020the\u0020provided\u0020handler.",
"url": "classes/Phpolar-CsrfProtection-Http-CsrfRequestCheckMiddleware.html#method_process"
}, {
"fqsen": "\\Phpolar\\CsrfProtection\\Http\\CsrfResponseFilterMiddleware",
@@ -128,7 +128,7 @@ Search.appendIndex(
}, {
"fqsen": "\\Phpolar\\CsrfProtection\\Http\\CsrfResponseFilterMiddleware\u003A\u003Aprocess\u0028\u0029",
"name": "process",
- "summary": "Provide\u0020protection\u0020against\u0020CSRF\u0020attack.",
+ "summary": "Stores\u0020a\u0020\u002Arequest\u0020validation\u0020token\u002A\u0020in\nserver\u0020state\u0020and\u0020attaches\u0020the\u0020token\u0020to\u0020the\nresponse.",
"url": "classes/Phpolar-CsrfProtection-Http-CsrfResponseFilterMiddleware.html#method_process"
}, {
"fqsen": "\\Phpolar\\CsrfProtection\\Http\\ResponseFilterPatternStrategy",
diff --git a/docs/namespaces/phpolar-csrfprotection-http.html b/docs/namespaces/phpolar-csrfprotection-http.html
index add671d..433d2ec 100644
--- a/docs/namespaces/phpolar-csrfprotection-http.html
+++ b/docs/namespaces/phpolar-csrfprotection-http.html
@@ -117,7 +117,7 @@
CsrfProtectionRequestHandler
Refuses to process an invalid request
CsrfRequestCheckMiddleware
- Adds support for CSRF attack mitigation
+ Takes care of request validation logic for CSRF attack mitigation
CsrfResponseFilterMiddleware
Adds support for CSRF attack mitigation
by attaching identifiers to the valid
diff --git a/docs/packages/Phpolar-CsrfProtection.html b/docs/packages/Phpolar-CsrfProtection.html
index 283db28..4740d2a 100644
--- a/docs/packages/Phpolar-CsrfProtection.html
+++ b/docs/packages/Phpolar-CsrfProtection.html
@@ -121,7 +121,7 @@
CsrfProtectionRequestHandler
Refuses to process an invalid request
CsrfRequestCheckMiddleware
- Adds support for CSRF attack mitigation
+ Takes care of request validation logic for CSRF attack mitigation
CsrfResponseFilterMiddleware
Adds support for CSRF attack mitigation
by attaching identifiers to the valid
diff --git a/src/Http/CsrfRequestCheckMiddleware.php b/src/Http/CsrfRequestCheckMiddleware.php
index 4ad2f74..394ae79 100644
--- a/src/Http/CsrfRequestCheckMiddleware.php
+++ b/src/Http/CsrfRequestCheckMiddleware.php
@@ -11,7 +11,7 @@
use Psr\Http\Server\RequestHandlerInterface;
/**
- * Adds support for CSRF attack mitigation
+ * Takes care of request validation logic for CSRF attack mitigation
*/
class CsrfRequestCheckMiddleware implements MiddlewareInterface
{
@@ -20,11 +20,13 @@ public function __construct(private RequestHandlerInterface $csrfCheckHandler)
}
/**
- * Provide protection against CSRF attack.
+ * Produces a response for an invalid request or
+ * delegates request handling to the provided handler.
*
- * If the request fails the check,
- * the provided request handler will be used
- * to create the request.
+ * if the request fails the check,
+ * this middleware will return a *canned response*
+ * with a response that is either **Method Not Allowed**,
+ * **Bad Request** or **Forbidden**.
*/
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
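Review bot: The rewritten second paragraph of the `process()` docblock lists the rejection statuses but does not say that a rejected request never reaches `$handler`, which is the guarantee integrators depend on when they place this middleware in front of state-changing routes. The body of `process()` lies outside this hunk, so confirm it before documenting, but if the method fails closed the paragraph could read `* If the request fails the check, the response produced by the CSRF check handler (**Method Not Allowed**, **Bad Request** or **Forbidden**) is returned and $handler is never invoked.` That wording also removes the doubled "canned response with a response" and the lowercase sentence start. Stating which condition maps to which status (presumably method, missing token, mismatched token) would help anyone writing alerting on these responses.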
diff --git a/src/Http/CsrfResponseFilterMiddleware.php b/src/Http/CsrfResponseFilterMiddleware.php
index 6cf8579..9b2453c 100644
--- a/src/Http/CsrfResponseFilterMiddleware.php
+++ b/src/Http/CsrfResponseFilterMiddleware.php
@@ -26,11 +26,12 @@ public function __construct(
}
/**
- * Provide protection against CSRF attack.
+ * Stores a *request validation token* in
+ * server state and attaches the token to the
+ * response.
*
- * If the request fails the check,
- * the provided request handler will be used
- * to create the request.
+ * The stored token SHOULD then be used to validate
+ * futher requests.
*/
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
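Review bot: `SHOULD` in the second paragraph of this `process()` docblock presents validation as optional, yet a token that is stored and attached but never checked gives no CSRF protection. If the check is done by `CsrfRequestCheckMiddleware`, as the sibling docblock suggests, name it: `* The stored token is validated on subsequent requests by CsrfRequestCheckMiddleware, which must be registered alongside this middleware.` The same line contains the typo `futher` (should be `further`), which is also copied into the generated HTML under `docs/classes/` and needs regenerating after the fix. The docblock would also benefit from saying what "server state" is (session or other storage) and whether the token is rotated per response, since neither is visible from this hunk; the method body continues outside it.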