承接 suin/symfony2-csrf-firewall-bundle 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

suin/symfony2-csrf-firewall-bundle

Composer 安装命令:

composer require suin/symfony2-csrf-firewall-bundle

包简介

Cross site request forgery firewall bundle for Symfony2

README 文档

README

This is a firewall bundle which protects your Symfony2 websites form CSRF(cross site request forgery) attack. This bundle works almost automatically, so you don't need to consider CSRF protections for each pages.

Features

  • All post-method-form will be protected from CSRF(even if you don't use Symfony Form's anti-CSRF)

Requirements

  • PHP 5.3 or later

Installation

Add suin/symfony2-csrf-firewall-bundle to your composer.json:

{
    "require": {
        "suin/symfony2-csrf-firewall-bundle":">=1.0.0"
    }
}

Execute composer to install:

$ php composer.phar update suin/symfony2-csrf-firewall-bundle

Add Suin\CSRFFirewallBundle\SuinCSRFFirewallBundle to your app/AppKernel.php:

class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = array(
            ...
            new Suin\CSRFFirewallBundle\SuinCSRFFirewallBundle(),
        );
    ...
...

How it works

SuinCSRFFirewallBundle always check CSRF token at all POST method. If the token was not given or an invalid token was given, SuinCSRFFirewallBundle returns 404 Bad Request response to clienet and stops process before the action execution. (exactlly this filter works on kernel.controller event.)

At response (exactlly on kernel.response event), SuinCSRFFirewallBundle finds all post method forms in the response HTML and automatically embeds CSRF tokens to form to form.

Options

How to disable CSRF check at a specific action

With adding @CSRF(check=false) annotation to a specific action method, you can disable CSRF check at the action.

<?php

namespace Acme\YourBundle\Controller;

use Suin\CSRFFirewallBundle\Annotations\CSRF;

class FooController extends Controller
{
    ...

    /**
     * @Route("/{id}/create/", name="create")
     * @Template()
     * @CSRF(check=false)
     */
    public function createAction($id)
    {
    	...
        return [];
    }

    ...
...
    

How to change token key name

The default token key name is __token__. If you need to change the token key name, edit app/config/parameters.yml and define ``.

parameters:
    suin.csrf_firewall.token_name: your_favorite_token_name

License

MIT License, see LICENSE

统计信息

  • 总下载量: 885
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 2
  • 点击次数: 0
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 2
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2012-10-22

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固