Skip to content
/ CSRF-Protector-PHP Public
forked from mebjas/CSRF-Protector-PHP

CSRF Protector library: standalone library for CSRF mitigation

License

View license
0 stars 89 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

theorchard/CSRF-Protector-PHP

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

230 Commits

docs

docs

 
 

js

js

 
 

libs

libs

 
 

log

log

 
 

test

test

 
 

.coveralls.yml

.coveralls.yml

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

composer.json

composer.json

 
 

licence.md

licence.md

 
 

phpunit.xml.dist

phpunit.xml.dist

 
 

readme.md

readme.md

 
 

Repository files navigation

CSRF Protector

Todo Status Build Status codecov
CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.

Add to your project using packagist

Add a composer.json file to your project directory

{
   "require": {
       "owasp/csrf-protector-php": "dev-master"
   }
}

Then open terminal (or command prompt), move to project directory and run

composer install

OR

php composer.phar install

This will add CSRFP (library will be downloaded at ./vendor/owasp/csrf-protector-php) to your project directory. View packagist.org for more help with composer!

Configuration

For composer installations: Copy the config.sample.php file into your root folder at config/csrf_config.php For non-composer installations: Copy the libs/csrf/config.sample.php file into libs/csrf/config.php Edit config accordingly. See Detailed Information link below.

Link to wiki - Editing Configurations & Mandatory requirements before using this library

How to use

<?php
include_once __DIR__ .'/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php';

//Initialise CSRFGuard library
csrfProtector::init();

simply include the library and call the init() function!

Detailed information @Project wiki on github

More information @OWASP wiki

Contribute

  • Fork the repo
  • Create your branch
  • Commit your changes
  • Create a pull request

Note

This version (master) requires the clients to have Javascript enabled. However if your application can work without javascript & you require a nojs version of this library, check our nojs version

Discussion

Join Discussions at Google Group \ OWASP \ CSRF Protector

Join Discussions on the mailing list

For any other queries contact me at: minhaz@owasp.org

How to contribute?

Well, there are various ways to contribute to this project. Find few of them listed below:

  • Found a bug? Raise a bug in the issue page. Please make sure it's not a duplicate of an existing issue.
  • Have a feature request? Raise one at the issue page. As mentioned above please do a basic check if this enhancement exist in mentioned link.
  • Want to contribute code to this project?
    • Best way to start is by picking up one of the issues with Up For Grab label. Leave a comment, that you intend to help on this > fork > send a pull request to master branch.

FAQ:

  1. What happens if token expires? - https://github.com/mebjas/CSRF-Protector-PHP/wiki/what-if-token-expires
  2. Secure flag in cookie? - mebjas#54
  3. NoJS support? - https://github.com/mebjas/CSRF-Protector-PHP/tree/nojs-support

About

CSRF Protector library: standalone library for CSRF mitigation

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases 2

v1.0.3 Latest
Mar 19, 2024
+ 1 release

Packages

No packages published

Languages

  • PHP 86.0%
  • JavaScript 14.0%