定制 marein/symfony-standard-headers-csrf-bundle 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

marein/symfony-standard-headers-csrf-bundle

Composer 安装命令:

composer require marein/symfony-standard-headers-csrf-bundle

包简介

Protect symfony applications against CSRF attacks with the help of standard headers.

README 文档

README

CI

Table of contents

Overview

Protect symfony applications against CSRF attacks with the help of standard headers.

The mechanism to prevent CSRF attacks which is used by this bundle can best be read under OWASP. The technique is named "Verifying Origin With Standard Headers".

How it works?

This bundle is based on the headers Host, Origin and Referer. They're part of the forbidden headers and cannot be changed programmatically with a standard browser. Please read the OWASP page carefully as this technique may not work in all cases.

This bundle returns a status code 403 if the request isn't safe. A request is safe if at least one of the following criteria is met:

  • the http method is a safe http method.
  • the request path matches one of the allowed_paths from the configuration.
  • the origin header matches the Host header or one of the allowed_origins from the configuration.
  • fallback_to_referer is enabled and the Referer header matches the Host header or one of the allowed_origins from the configuration.
  • allow_null_origin is enabled and the Origin header is equal to "null".

If there're trusted proxies configured in your symfony application, X-Forwarded-Host is used instead of Host.

Installation and requirements

Add the bundle to your project.

composer require marein/symfony-standard-headers-csrf-bundle

Add the bundle in the kernel. This can be different for your setup.

public function registerBundles()
{
    return [
        // ...
        new \Marein\StandardHeadersCsrfBundle\MareinStandardHeadersCsrfBundle(),
        // ...
    ];
}

Configuration

This is an example of all configurations in yaml format.

marein_standard_headers_csrf:
    # List of regular expressions that are used to check for allowed request paths.
    # Each entry is automatically surrounded by the delimiter #.
    #
    # Type: string[]
    # Default: []
    allowed_paths:
        - '^/api'

    # List of regular expressions that are used to check for allowed origins.
    # Each entry is automatically surrounded by the delimiter #.
    #
    # Type: string[]
    # Default: []
    allowed_origins:
        - '^https?://my-domain\.com$'
        - '^https?://.*\.my-other-domain-including-subdomains\.com$'

    # Switch to enable the comparison of the host header and allowed_origins with the referer header.
    #
    # Type: bool
    # Default: true
    fallback_to_referer: true

    # Switch to allow "null" as a valid origin header value.
    #
    # Type: bool
    # Default: false
    allow_null_origin: false

Public api

Only the bundle configuration is part of the public api. Everything else can change and is not considered a breaking change. Please don't use classes or services directly.

marein/symfony-standard-headers-csrf-bundle 适用场景与选型建议

marein/symfony-standard-headers-csrf-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 8.99k 次下载、GitHub Stars 达 2, 最近一次更新时间为 2020 年 09 月 24 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 marein/symfony-standard-headers-csrf-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 marein/symfony-standard-headers-csrf-bundle 我们能提供哪些服务?
定制开发 / 二次开发

基于 marein/symfony-standard-headers-csrf-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 8.99k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 2
  • 点击次数: 11
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 2
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2020-09-24