csrf

Simple CSRF implementation.

Install

Via Composer

$ composer require publishing-kit/csrf

You will also need to include one of the supported session libraries. Currently these are:

• symfony/http-foundation
• laminas/laminas-session

Usage

Here is an example of using the library to create and validate a token using the Laminas backend:

$session = new Laminas\Session\Container();
$storage = new PublishingKit\Csrf\LaminasSessionTokenStorage($session);
$reader = new PublishingKit\Csrf\StoredTokenReader($storage);
$token = $reader->read('foo');
$validator = new PublishingKit\Csrf\StoredTokenValidator($storage);
$validator->validate('foo', $token);

And here we use the Symfony backend:

$session = new Symfony\Component\HttpFoundation\Session\Session(
    new Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage()
);
$storage = new PublishingKit\Csrf\SymfonySessionTokenStorage($session);
$reader = new PublishingKit\Csrf\StoredTokenReader($storage);
$token = $reader->read('foo');
$validator = new PublishingKit\Csrf\StoredTokenValidator($storage);
$validator->validate('foo', $token);

Change log

Please see CHANGELOG for more information on what has changed recently.

Testing

$ composer test

Contributing

Please see CONTRIBUTING and CODE_OF_CONDUCT for details.

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Credits

• Matthew Daly
• All Contributors

License

The MIT License (MIT). Please see License File for more information.