schnittstabil/psr7-csrf-middleware
Composer install command:
composer require schnittstabil/psr7-csrf-middleware
Package description
Stateless PSR-7 CSRF (Cross-Site Request Forgery) protection middleware - simple Slim Framework 3 integration.
README
Stateless PSR-7 CSRF (Cross-Site Request Forgery) protection middleware 🔏
Install
$ composer require schnittstabil/psr7-csrf-middleware
Usage
```php
<?php
require __DIR__.'/vendor/autoload.php';

use Schnittstabil\Psr7\Csrf\MiddlewareBuilder as CsrfMiddlewareBuilder;

/*
 * Shared secret key used for generating and validating CSRF tokens:
 */
$key = 'This key is not so secret - change it!';

/*
 * Build a stateless Synchronizer Token Pattern CSRF protection middleware.
 */
$csrfMiddleware = CsrfMiddlewareBuilder::create($key)
    ->buildSynchronizerTokenPatternMiddleware();

/*
 * Build a (AngularJS compatible) stateless Cookie-To-Header CSRF protection middleware.
 *
 * Requires additional dependency:
 *   composer require dflydev/fig-cookies
 */
$csrfMiddleware = CsrfMiddlewareBuilder::create($key)
    ->buildCookieToHeaderMiddleware();
?>
```
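The shared key above is what lets the server verify a token without storing it. As an added illustration (not code from this package, and not the token format of schnittstabil/csrf-tokenservice), the sketch below signs a nonce and an expiry time with HMAC-SHA256; the function names, the default lifetime and the `CSRF_KEY` environment variable are assumptions.

```php
<?php
// Illustration only: a minimal stateless CSRF token. All names are hypothetical.

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function csrfTokenGenerate(string $key, int $ttl = 1440, ?int $now = null): string
{
    $now = $now ?? time();
    // Payload: random nonce + expiry timestamp; nothing is stored server-side.
    $payload = b64url(random_bytes(16)) . '.' . ($now + $ttl);
    $mac = b64url(hash_hmac('sha256', $payload, $key, true));

    return $payload . '.' . $mac;
}

function csrfTokenValidate(string $key, string $token, ?int $now = null): bool
{
    $now = $now ?? time();
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return false; // malformed token
    }
    [$nonce, $expires, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $nonce . '.' . $expires, $key, true));
    // Constant-time comparison, so timing does not leak how much of the MAC matched.
    if (!hash_equals($expected, $mac)) {
        return false; // forged, altered, or signed with a different key
    }

    return (int) $expires >= $now; // reject expired tokens
}

// Load the key from configuration instead of hard-coding it.
// CSRF_KEY is an assumed variable name; the random fallback is for this demo only.
$key = getenv('CSRF_KEY') ?: bin2hex(random_bytes(32));

$token = csrfTokenGenerate($key);
var_dump(csrfTokenValidate($key, $token));                 // fresh token, same key
var_dump(csrfTokenValidate('another key', $token));        // different key
var_dump(csrfTokenValidate($key, $token, time() + 86400)); // checked after expiry
```

Anyone who learns the key can mint valid tokens, so it should be long, random and kept out of source control. This sketch does not bind the token to a user; adding a session or user identifier to the signed payload is a common hardening.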
Slim v3 Example
- See csrf-twig-helpers for complete Slim-Twig Examples.
```php
<?php
/*
 * Requires additional dependency:
 *   composer require slim/slim
 */
require __DIR__.'/vendor/autoload.php';

use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;
use Slim\App;
use Schnittstabil\Psr7\Csrf\MiddlewareBuilder as CsrfMiddlewareBuilder;

$app = new App();

/*
 * CSRF protection setup
 */
$app->getContainer()['csrf_token_name'] = 'X-XSRF-TOKEN';
$app->getContainer()['csrf'] = function ($c) {
    $key = 'This key is not so secret - change it!';

    return CsrfMiddlewareBuilder::create($key)
        ->buildSynchronizerTokenPatternMiddleware($c['csrf_token_name']);
};

$app->add('csrf');

/*
 * GET routes are not protected (by default)
 */
$app->get('/', function (RequestInterface $request, ResponseInterface $response) {
    $name = $this->csrf_token_name;
    $token = $this->csrf->getTokenService()->generate();

    // render HTML...
    $response = $response->write("<input type=\"hidden\" name=\"$name\" value=\"$token\" />");

    return $response->write('successfully GET!');
});

/*
 * POST routes are protected (by default; same applies to PUT, DELETE and PATCH)
 */
$app->post('/', function (RequestInterface $request, ResponseInterface $response) {
    return $response->write('successfully POST');
});

/*
 * Run application
 */
$app->run();
?>
```
Related
- schnittstabil/csrf-tokenservice – the underlying (stateless) token service
- schnittstabil/csrf-twig-helpers – Twig helpers for token rendering
- Slim-Csrf – stateful (session based) CSRF protection
License
MIT © Michael Mayer
Statistics
- Total downloads: 109.6k
- Monthly downloads: 0
- Daily downloads: 0
- Favorites: 7
- Clicks: 0
- Dependent projects: 1
- Suggesters: 0
Other information
- License: MIT
- Last updated: 2016-02-13