
adolf94/CSRF-Protector-PHP

This branch is 6 commits ahead of, 4 commits behind mebjas/CSRF-Protector-PHP:master.

Latest commit: ce0f696 by Adolf Rey Along, May 26, 2020

CSRF Protector

CSRF Protector PHP is a standalone PHP library for CSRF mitigation in web applications. It is easy to integrate into any PHP web app.

Add to your project using packagist

Add a composer.json file to your project directory

{
   "require": {
       "owasp/csrf-protector-php": "dev-master"
   }
}

Then open a terminal (or command prompt), move to the project directory and run:

composer install

## Or alternatively

php composer.phar install

This will add CSRFP to your project directory (the library will be downloaded to ./vendor/owasp/csrf-protector-php). View packagist.org for more help with composer!

Configuration

  • For composer installations: copy the config.sample.php file into your root folder at config/csrf_config.php
  • For non-composer installations: copy the libs/csrf/config.sample.php file into libs/csrf/config.php

Edit the config accordingly. See the Detailed Information link below.

Link to wiki - Editing Configurations & Mandatory requirements before using this library

How to use

<?php
include_once __DIR__ .'/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php';

// Initialise CSRFProtector library
csrfProtector::init();

Simply include the library and call the init() function!

More information

Discussions

Join Discussions at Google Group \ OWASP \ CSRF Protector

For any other queries contact me at: minhazav@gamil.com | minhaz@owasp.org

How to contribute?

General steps

  • Fork the repo
  • Create your branch
  • Commit your changes
  • Create a pull request

More?

Well, there are various ways to contribute to this project. Find a few of them listed below:

  • Found a bug? Raise a bug in the issue page. Please make sure it's not a duplicate of an existing issue.
  • Have a feature request? Raise one at the issue page. As mentioned above, please do a basic check to see whether this enhancement already exists at the mentioned link.
  • Want to contribute code to this project?
    • The best way to start is by picking up one of the existing issues with the Up For Grab label.
    • Leave a comment that you intend to help on it, then fork, and then send a pull request to the master branch.

FAQ:

  1. What happens if token expires? - https://github.com/mebjas/CSRF-Protector-PHP/wiki/what-if-token-expires
  2. Secure flag in a cookie? - mebjas#54
  3. NoJS support? - https://github.com/mebjas/CSRF-Protector-PHP/tree/nojs-support

Appendix

JS not supported?

This version (in the master branch) requires clients to have JavaScript enabled. However, if your application can work without JavaScript and you require a nojs version of this library, check our nojs version.
