marein/symfony-standard-headers-csrf-bundle
Composer 安装命令:
composer require marein/symfony-standard-headers-csrf-bundle
包简介
Protect symfony applications against CSRF attacks with the help of standard headers.
README 文档
README
Table of contents
Overview
Protect symfony applications against CSRF attacks with the help of standard headers.
The mechanism to prevent CSRF attacks which is used by this bundle can best be read under OWASP. The technique is named "Verifying Origin With Standard Headers".
How it works?
This bundle is based on the headers Host, Origin and Referer. They're part of the
forbidden headers
and cannot be changed programmatically with a standard browser. Please read the
OWASP
page carefully as this technique may not work in all cases.
This bundle returns a status code 403 if the request isn't safe.
A request is safe if at least one of the following criteria is met:
- the http method is a safe http method.
- the request path matches one of the
allowed_pathsfrom the configuration. - the origin header matches the
Hostheader or one of theallowed_originsfrom the configuration. fallback_to_refereris enabled and theRefererheader matches theHostheader or one of theallowed_originsfrom the configuration.allow_null_originis enabled and theOriginheader is equal to"null".
If there're trusted proxies configured in your symfony application,
X-Forwarded-Host is used instead of Host.
Installation and requirements
Add the bundle to your project.
composer require marein/symfony-standard-headers-csrf-bundle
Add the bundle in the kernel. This can be different for your setup.
public function registerBundles() { return [ // ... new \Marein\StandardHeadersCsrfBundle\MareinStandardHeadersCsrfBundle(), // ... ]; }
Configuration
This is an example of all configurations in yaml format.
marein_standard_headers_csrf: # List of regular expressions that are used to check for allowed request paths. # Each entry is automatically surrounded by the delimiter #. # # Type: string[] # Default: [] allowed_paths: - '^/api' # List of regular expressions that are used to check for allowed origins. # Each entry is automatically surrounded by the delimiter #. # # Type: string[] # Default: [] allowed_origins: - '^https?://my-domain\.com$' - '^https?://.*\.my-other-domain-including-subdomains\.com$' # Switch to enable the comparison of the host header and allowed_origins with the referer header. # # Type: bool # Default: true fallback_to_referer: true # Switch to allow "null" as a valid origin header value. # # Type: bool # Default: false allow_null_origin: false
Public api
Only the bundle configuration is part of the public api. Everything else can change and is not considered a breaking change. Please don't use classes or services directly.
marein/symfony-standard-headers-csrf-bundle 适用场景与选型建议
marein/symfony-standard-headers-csrf-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 8.99k 次下载、GitHub Stars 达 2, 最近一次更新时间为 2020 年 09 月 24 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 marein/symfony-standard-headers-csrf-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 marein/symfony-standard-headers-csrf-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 8.99k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 11
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2020-09-24