https://github.com/mebjas/csrf-protector-php
CSRF Protector library: standalone library for CSRF mitigation
csrf csrf-protector owasp php security standalone-library
Last synced: 9 months ago
- Host: GitHub
- URL: https://github.com/mebjas/csrf-protector-php
- Owner: mebjas
- License: other
- Created: 2014-05-01T14:16:46.000Z (almost 12 years ago)
- Default Branch: master
- Last Pushed: 2024-07-12T07:08:09.000Z (over 1 year ago)
- Last Synced: 2025-05-11T10:39:30.445Z (9 months ago)
- Topics: csrf, csrf-protector, owasp, php, security, standalone-library
- Language: PHP
- Homepage: https://owasp.org/www-project-csrfprotector/
- Size: 354 KB
- Stars: 212
- Watchers: 16
- Forks: 88
- Open Issues: 42
Metadata Files:
- Readme: readme.md
- Contributing: CONTRIBUTING.md
- Code of conduct: CODE_OF_CONDUCT.md
README
CSRF Protector
==========================
CSRF Protector PHP is a standalone PHP library for CSRF mitigation in web applications. It is easy to integrate into any PHP web app.
# Add to your project using packagist
Add a `composer.json` file to your project directory:
```json
{
"require": {
"owasp/csrf-protector-php": "dev-master"
}
}
```
Then open a terminal (or command prompt), move to the project directory and run:
```shell
composer install
## Or alternatively
php composer.phar install
```
This adds CSRFP to your project directory (the library is downloaded to `./vendor/owasp/csrf-protector-php`). See [packagist.org](https://packagist.org/) for more help with Composer.
# Configuration
- For composer installations: Copy the `config.sample.php` file into your root folder at `config/csrf_config.php`
- For non-composer installations: Copy the `libs/csrf/config.sample.php` file into `libs/csrf/config.php`

Edit config accordingly. See Detailed Information link below.

[Link to wiki - Editing Configurations & Mandatory requirements before using this library](https://github.com/mebjas/CSRF-Protector-PHP/wiki/Configurations)
# How to use
then fork > and then send a pull request to `master branch`.
## FAQ:
1. What happens if token expires? - https://github.com/mebjas/CSRF-Protector-PHP/wiki/what-if-token-expires
2. Secure flag in a cookie? - https://github.com/mebjas/CSRF-Protector-PHP/issues/54
3. \[Deprecated\] ~NoJS support? - https://github.com/mebjas/CSRF-Protector-PHP/tree/nojs-support~